Hitachi

uCosminexus Application Server Security Management Guide


B. Registration of Exception Lists (Windows)

If you enable Windows Firewall, you must register the component software programs in the firewall's exception list. Which programs you register depends on which component software programs are installed.

If you enable the firewall, execute the appropriate command at the command prompt to register in the exception list each installed component software program listed in the table below. The table shows the exception list registration command to execute for each component software program. Programs created by using the application server and BPM/ESB infrastructure products must also be added to the exception list; you can use the same exception list registration command to register them.

Table B‒1: Exception list registration command to be executed for component software

Columns: Installed component software | Requirement for registration to the exception list | Exception list registration command to be executed

Component Container

Required

netsh firewall add allowedprogram program="Application-Server-installation-directory\CC\server\bin\cjstartsv.exe" name="Cosminexus Component Container" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CC\web\bin\cjstartweb.exe" name="Cosminexus Component Container" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CC\client\bin\cjclstartap.exe" name="Cosminexus Component Container" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\manager\bin\adminagent.exe" name="Cosminexus Component Container" mode=ENABLE

Required if server management commands are executed

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\vbj.exe" name="Cosminexus Component Container" mode=ENABLE

(See note #1.)

Required if the scheduling functionality is used by batch commands

netsh firewall add allowedprogram program="Application-Server-installation-directory\CC\batch\bin\cjexecjob.exe" name="Cosminexus Component Container" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CC\batch\bin\cjkilljob.exe" name="Cosminexus Component Container" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CC\batch\bin\cjlistjob.exe" name="Cosminexus Component Container" mode=ENABLE

Required if server communication agents of virtual servers are used

netsh firewall add allowedprogram program="Application-Server-installation-directory\sinagent\bin\sinaviagent.exe" name="uCosminexus SI Navigation System Agent" mode=ENABLE

Component Transaction Monitor

Required

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmchpara.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmd.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmdmd.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmdmstart.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmdmstop.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmgetior.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmholdque.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmidl2cpp.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmidl2j.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmlsque.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmnaminfo.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmregltd.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmridinfo.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmrlesque.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmstart.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmstop.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmstartgw.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmstopgw.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\CTM\bin\ctmtscgwd.exe" name="Cosminexus Component Transaction Monitor" mode=ENABLE

HTTP Server

Required

netsh firewall add allowedprogram program="Application-Server-installation-directory\httpsd\httpsd.exe" name="Cosminexus HTTP Server" mode=ENABLE

TPBroker (see note #2)

Required

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\events.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\gatekeeper.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\irep.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\nameserv.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\oad.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\osagent.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\osfind.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\admd.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\otsd.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\trnctxsv.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\tsstoptrnctxsv.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\tscommit.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\tslstrn.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\tsrollback.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\tsstat.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\tsstop.exe" name="Cosminexus TPBroker" mode=ENABLE

netsh firewall add allowedprogram program="Application-Server-installation-directory\TPB\bin\tstrnsts.exe" name="Cosminexus TPBroker" mode=ENABLE

HiRDB/Single Server Version 10

Required if embedded databases are used in Developer or Service Architect

for %%p in (Developer-or-Service-Architect-installation-directory\DB\bin\*.exe) do netsh firewall set allowedprogram %%p "Cosminexus Developer(DB)"

for %%p in (Developer-or-Service-Architect-installation-directory\DB\lib\servers\*.exe) do netsh firewall set allowedprogram %%p "Cosminexus Developer(DB)"

for %%p in (Developer-or-Service-Architect-installation-directory\DB\SAMPLE\sampleconf\*.exe) do netsh firewall set allowedprogram %%p "Cosminexus Developer(DB)"

for %%p in (Developer-or-Service-Architect-installation-directory\DB\SAMPLE\tools\*.exe) do netsh firewall set allowedprogram %%p "Cosminexus Developer(DB)"

for %%p in (Developer-or-Service-Architect-installation-directory\DB\PDISTUP\bin\*.exe) do netsh firewall set allowedprogram %%p "Cosminexus Developer(DB)"

#1: EJB clients that use the vbj command are also excluded from firewall filtering.

#2: You can also use the tssetfw command to register exception lists. For details about the tssetfw command, see the TPBroker Additional Features manual.
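
Because the programs to register depend on what is installed, the following batch script is an added example (not part of the Hitachi manual) that applies the table's "Required" Component Container commands only to executables that exist under the installation directory, then lists the resulting exceptions for review. The script structure and the `/dryrun` switch are assumptions; the relative paths, rule name and `netsh` syntax are copied from the table.

```bat
@echo off
rem Added example, not from the Hitachi manual. Registers the "Required"
rem Component Container programs of Table B-1, but only those that exist
rem under the installation directory given as the first argument.
rem Run from an elevated prompt. The /dryrun switch is hypothetical.
setlocal EnableExtensions
if "%~1"=="" goto :usage
set "BASE=%~1"
set "DRYRUN=0"
if /i "%~2"=="/dryrun" set "DRYRUN=1"
set "RULENAME=Cosminexus Component Container"
set /a ADDED=0, MISSING=0, FAILED=0

rem Relative paths copied from the Component Container rows of the table.
for %%R in (
    "CC\server\bin\cjstartsv.exe"
    "CC\web\bin\cjstartweb.exe"
    "CC\client\bin\cjclstartap.exe"
    "manager\bin\adminagent.exe"
) do call :register "%BASE%\%%~R"

echo Registered: %ADDED%  Not installed: %MISSING%  Failed: %FAILED%
rem List the resulting exceptions so the change can be reviewed.
if "%DRYRUN%"=="0" netsh firewall show allowedprogram
if %FAILED% gtr 0 exit /b 1
exit /b 0

:usage
echo Usage: %~nx0 "Application-Server-installation-directory" [/dryrun]
exit /b 2

:register
rem Paths stay quoted everywhere so spaces and parentheses are handled.
if not exist "%~1" goto :missing
if "%DRYRUN%"=="1" goto :dryrun
netsh firewall add allowedprogram program="%~1" name="%RULENAME%" mode=ENABLE >nul
if errorlevel 1 goto :failed
echo OK    "%~1"
set /a ADDED+=1
goto :eof
:missing
echo SKIP  "%~1" is not installed
set /a MISSING+=1
goto :eof
:dryrun
echo WOULD register "%~1" as "%RULENAME%"
goto :eof
:failed
echo FAIL  "%~1"
set /a FAILED+=1
goto :eof
```

Running it with `/dryrun` first shows which exceptions would be created without changing the firewall; the same loop can be extended with the other rows of the table that apply to the installation.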