C.2 Direction in which data passes through the firewall
JP1/Base supports address conversion of the packet filtering type and the NAT (static mode) type.
|
Service name |
Port number |
Direction in which data passes through the firewall |
|---|---|---|
|
jp1imevt |
20098/tcp |
JP1/Base that transfers JP1 events -> JP1/Base that receives JP1 events |
|
jp1imevtapi |
20099/tcp |
A program such as JP1/IM - Manager that obtains JP1 events -> JP1/Base |
|
jp1imrt |
20237/tcp |
JP1/IM - Manager -> JP1/Base Upper-layer JP1/IM - Manager -> lower-layer JP1/IM - Manager |
|
jp1imcmda |
20238/tcp |
JP1/IM - View -> JP1/Base on the host where JP1/IM - Manager is installed JP1/IM - Manager -> JP1/Base |
|
jp1imcmdc |
20239/tcp |
JP1/Base on the host running JP1/IM - Manager <--> JP1/Base on the host that executes the command |
|
jp1bsuser |
20240/tcp |
JP1/IM - Manager -> JP1/Base JP1/AJS - Manager -> JP1/Base JP1/AJS - Agent -> JP1/Base |
|
jp1bsplugin |
20306/tcp |
Upper-layer program using services such as JP1/IM - Manager -> JP1/Base When using the JP1/Base health check function: JP1/Base on the monitoring host -> JP1/Base on the monitored host |
|
jp1bscom |
20600/tcp |
JP1/IM - Manager <--> JP1/Base on a different host Upper-layer JP1/IM - Manager <--> lower-layer JP1/IM - Manager |
|
ldap |
389/tcp# |
JP1/Base (authentication server) -> Directory server |
|
ldaps |
636/tcp# |
|
|
ICMP |
-- |
JP1/Base (jp1ping) -> JP1/Base on a different host |
- Legend:
-
->: Communication data goes in one direction (from left to right).
<-->: Communication data goes in both directions (from left to right, and from right to left).
--: None
#: The port number depends on whether SSL is used for communication between JP1/Base (authentication server) and a directory server. If SSL is used, 636/tcp is used.
To use the port numbers listed in Table C-2 to establish a connection, you must set the firewall that lets the service-name port pass through it. You must also set the firewall that allows ANY to pass through it in response to the session established for the port number for service-name. The response must be ANY because the OS performs automatic numbering.
When you install JP1/Base on a firewall server machine, communications within that machine might also be prohibited by the firewall functionality. Therefore, set the firewall server machine to allow communications within the same machine.