11.4.1 Firewall support
JP1/IM and JP1/Base can operate in a firewall environment if you configure the firewall appropriately. Network environments behind packet-filtering and NAT (static mode)-based firewalls are supported. When configuring the firewall, see the lists of port numbers in the appendixes of the manuals for JP1/IM and JP1/Base. Also note the following points:
- There are two methods of communication between the manager and agents: communication performed according to the system hierarchy (IM configuration) definition and direct communication where the manager and the target hosts communicate directly (see 9.3 Communication performed in the JP1/IM system environment). You must set up the firewall in a manner that allows both types of communication.
- JP1/IM and JP1/Base use ports to communicate even when that communication takes place within a local host. If you use JP1/IM and JP1/Base on a host set up as a firewall, the firewall must permit local traffic through all ports used by JP1/IM and JP1/Base.
If Windows hosts are to be monitored, JP1/IM and JP1/Base are not appropriate for monitoring that must pass through a firewall. We recommend that you set up a network configuration in which the communication between JP1/IM - Manager and monitored hosts is not required to pass through a firewall. Note, however, that DCOM will not work in an environment in which NAT static conversion is executed. Accordingly, if NAT static conversion is executed on a firewall located between JP1/IM - Manager and hosts subject to monitoring, remote monitoring will not be possible.
If you need to perform remote monitoring in an environment subject to NAT static conversion, add a base manager so that NAT static conversion is not executed between JP1/IM - Manager and the hosts to be monitored, but is executed instead between the integrated manager and the added base manager.