Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 - Agent (For UNIX Systems)


5.4.4 Settings when using firewalls

Figure 5-3 shows an example of the JP1/IT Desktop Management 2 system configuration that uses firewalls.

Figure 5‒3: Example of the JP1/IT Desktop Management 2 system configuration using firewalls

[Figure]

When you distribute a package from the managing server through a firewall, you can install a relay system inside the firewall to reduce the number of nodes that must be defined in the firewall: the firewall then only has to pass the traffic between the managing server and the relay system, rather than between the managing server and every client.

For details on the environment settings of the managing server for distributing packages via a firewall, see the manual of your managing server.


(1) Usable firewalls

Table 5‒2 lists the most common types of firewall that can be used with a JP1/IT Desktop Management 2 system.

Table 5‒2: Most popular firewalls that can be used with JP1/IT Desktop Management 2 - Agent

Firewall type: Application gateway firewall
  Gateway environment: General-purpose TCP gateway (Plug-G/W)
  IP address specified in the /etc/hosts file: Assign the address that corresponds to the service names (port numbers) used by JP1/IT Desktop Management 2 - Agent on the machines where the managing server and the relay system are installed.

Firewall type: Packet filtering firewall
  Gateway environment: Packet filtering G/W + NAT function#
  IP address specified in the /etc/hosts file: Assign the global address specified in the host name definition of the managing server and the relay system as the local host address.

#

NAT (Network Address Translation) hides the addresses of the internal network from external networks, so that internal addresses are neither reachable from nor leaked to the outside. There are two address translation policies:

  • Fixed-address allocation, in which each internal address is always translated to the same global address

  • Dynamic address allocation, in which global addresses are taken from a pool and may differ from one connection to the next

JP1/IT Desktop Management 2 can only use the fixed-address allocation policy (STATIC mode), because the managing server and the relay system must stay reachable at the fixed global address registered in their host name definitions.

(2) Port numbers used in JP1/IT Desktop Management 2

When you use JP1/IT Desktop Management 2 in a firewall environment, you must configure the firewall to pass the port numbers, in the connection directions, listed in Table 5‒3. Every connection is opened from an ephemeral port on the sender to a fixed port on the recipient, so a stateful firewall needs rules only for the fixed ports in the listed direction; the return traffic belongs to an established connection.

Table 5‒3 shows the port numbers used in JP1/IT Desktop Management 2.

Table 5‒3: Port numbers used in JP1/IT Desktop Management 2

Communication between       Port number  Protocol  Sender information       Recipient information
Manager and relay systems   31001        tcp       Manager:Ephemeral#       Relay system:31001
                            31021        tcp       Relay system:Ephemeral#  Manager:31021
Relay systems and clients   31001        tcp       Relay system:Ephemeral#  Client:31001
                            31002        tcp       Client:Ephemeral#        Relay system:31002
Manager and clients         31001        tcp       Manager:Ephemeral#       Client:31001
                            31002        tcp       Client:Ephemeral#        Manager:31002
                            31021        tcp       Client:Ephemeral#        Manager:31021

#

Ephemeral ports are allocated automatically by TCP/IP, normally within the port number range from 1024 to 5000. The actual range depends on the operating system (on Linux, for example, it is set by the net.ipv4.ip_local_port_range kernel parameter and is typically 32768 to 60999), so check the range in use on each host before writing any firewall rule that depends on it.
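The firewall and port tables above translate directly into filter rules, and a worked example makes the connection directions explicit. The following shell script is an added example and is not part of the Hitachi manual: it encodes the flows of Table 5‒3 as "connecting role, listening role, port" (the connecting side always uses an ephemeral source port; the 31002 entry in the Manager-and-clients row is read as the manager listening, consistent with the relay row), derives the inbound and outbound rules one role needs, and emits an nftables ruleset for that role. nftables, the three network arguments, the table name jp1itdm2 and the addresses in the sample run are all assumptions; the manual does not name a specific packet filter.

```shell
#!/bin/sh
# Added example (not from the Hitachi manual): derive packet-filter rules for
# one JP1/IT Desktop Management 2 host role from the port table.
# Assumptions: three roles (manager, relay, client), each on a network given
# on the command line; nftables as the filter; the table name is arbitrary.

# Flows from Table 5-3: "<connecting role> <listening role> <port>".
# The connecting side always uses an ephemeral source port. The
# Manager-and-clients 31002 entry is read as Manager:31002 (listener),
# consistent with the Relay-systems-and-clients row.
FLOWS='manager relay 31001
relay manager 31021
relay client 31001
client relay 31002
manager client 31001
client manager 31002
client manager 31021'

# inbound_ports ROLE: listening ports ROLE must accept, one per line.
inbound_ports() {
    printf '%s\n' "$FLOWS" | awk -v r="$1" '$2 == r { print $3 }' | sort -un
}

# inbound_peers ROLE PORT: roles that open connections to ROLE:PORT.
inbound_peers() {
    printf '%s\n' "$FLOWS" | awk -v r="$1" -v p="$2" '$2 == r && $3 == p { print $1 }' | sort -u
}

# outbound_flows ROLE: "<peer role> <port>" pairs ROLE must be able to open.
outbound_flows() {
    printf '%s\n' "$FLOWS" | awk -v r="$1" '$1 == r { print $2, $3 }' | sort -u
}

# net_for ROLE: the network assigned to ROLE (variables set by gen_nft).
net_for() {
    case $1 in
        manager) echo "$MANAGER_NET" ;;
        relay)   echo "$RELAY_NET" ;;
        client)  echo "$CLIENT_NET" ;;
        *)       echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# gen_nft ROLE MANAGER_NET RELAY_NET CLIENT_NET
# Emit an nftables ruleset for ROLE: default drop, loopback and
# established/related traffic allowed, plus exactly the JP1 flows.
# Return traffic to the ephemeral ports is matched by the conntrack rule,
# so the ephemeral range itself is never opened.
gen_nft() {
    role=$1; MANAGER_NET=$2; RELAY_NET=$3; CLIENT_NET=$4
    echo "table inet jp1itdm2 {"
    echo "    chain input {"
    echo "        type filter hook input priority 0; policy drop;"
    echo "        iif lo accept"
    echo "        ct state established,related accept"
    for port in $(inbound_ports "$role"); do
        for peer in $(inbound_peers "$role" "$port"); do
            echo "        ip saddr $(net_for "$peer") tcp dport $port ct state new accept"
        done
    done
    echo "    }"
    echo "    chain output {"
    echo "        type filter hook output priority 0; policy drop;"
    echo "        oif lo accept"
    echo "        ct state established,related accept"
    outbound_flows "$role" | while read -r peer port; do
        echo "        ip daddr $(net_for "$peer") tcp dport $port ct state new accept"
    done
    echo "    }"
    echo "}"
}

# ephemeral_range: the source-port range the local stack actually uses.
# The manual quotes 1024-5000; current Linux kernels default to 32768-60999,
# so read the live value where available and fall back to the documented range.
ephemeral_range() {
    if [ -r /proc/sys/net/ipv4/ip_local_port_range ]; then
        tr '\t' ' ' < /proc/sys/net/ipv4/ip_local_port_range
    else
        echo "1024 5000"
    fi
}

# Sample run for a relay system (addresses are made up for the example).
gen_nft relay 10.0.0.10/32 10.0.1.10/32 10.0.2.0/24
```

The generated ruleset can be syntax-checked without loading it with `gen_nft relay 10.0.0.10/32 10.0.1.10/32 10.0.2.0/24 | nft -c -f -`; the same source, destination and port triples apply unchanged to the forward chain of a packet filtering gateway between the networks. `ephemeral_range` reports the source-port range the local stack really uses, which is the value to verify when a firewall elsewhere in the path filters on source ports rather than on connection state.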