Firewall Considerations for Multi-Tier "Enterprise" Edition Data Access Drivers
- The Request Broker host must accept (and all intervening firewalls must permit) inbound connections from all client hosts (and from the Request Broker host itself) to (and responses from) --
- TCP port 60001, in all Releases;
- UDP port 60001, in all Releases;
- TCP port 5000, in Release 3.x and earlier;
- TCP port specified by Rulebook setting [Protocol TCP]:Listen in Release 4.x and later; default is 5000; and
- TCP ports between Rulebook settings [Protocol TCP]:PortLow (default 5000) and [Protocol TCP]:PortHigh (default 60000) (including the port numbers specified for these settings).
- The Generic Client hosts (and all intervening firewalls) must permit outbound connections to (and responses from) the Broker host on --
- TCP port 5000, in Release 3.x and earlier;
- TCP port specified by Rulebook setting [Protocol TCP]:Listen in Release 4.x and later; default is 5000; and
- TCP ports between Rulebook settings [Protocol TCP]:PortLow (default 5000) and [Protocol TCP]:PortHigh (default 60000) (including the port numbers specified for these settings).
- If the Database Agent makes a network connection to the target DBMS (in a "three-tier" or "gateway" deployment), the database server host must accept (and all intervening firewalls must permit) inbound connections on the DBMS listen port(s) (e.g., 5432/tcp for PostgreSQL; 1433/tcp, 1433/udp, 1434/tcp, and 1434/udp for SQL Server, etc.).
- If you have a stateful firewall, return packets from the Request Broker and Database Agents to the clients should be taken care of automatically.
If not, you will also have to address the ephemeral client-side ports.
- The Multi-Tier Admin Assistant listens at TCP port 8000 by default.
This is configurable, via the HttpPort setting in the [Startup] stanza of the www_sv.ini file, typically found in the w3config subdirectory of the bin directory containing the Broker executable, oplrqb.
Related Documentation