Ports required for EJB Client through a firewall

Technote (FAQ)
Problem
Several ports are required to be opened on the firewall when attempting to use an EJB client through a firewall.
Solution
Environment:
WebSphere Application Server 3.0.2.x AE, 3.5.x AE, 4.0.x AE & AEs

Description:

When connecting an EJB (Java) client through a firewall to an EJB running in WebSphere Application Server, the EJB client needs to communicate with both the admin server Java process as well as the application server Java process running the EJB.

If the firewall filters traffic going from the WebSphere Application Server box to the EJB client box, you need to set the listener port on the EJB client to a fixed value and open it in the firewall. This port is set randomly by default, so it must be fixed to a static value. To do this, add the following property to the Java command line which invokes the EJB client:

-Dcom.ibm.CORBA.ListenerPort=aaaa

where aaaa is an unused port greater than 1023 on the EJB client box.

If the firewall filters traffic going from the EJB client box to the WebSphere Application Server box, you need to open several ports through the firewall. You will need to open the listener port, bootstrap port and LSD port for the admin server. You will need to open the listener port for the application server. The listener ports are randomly set by default and must be set to static values which are to be opened through the firewall. To set the listener port for the admin server, add the following line to the <WSAS root>/bin/admin.config file:

com.ibm.CORBA.ListenerPort=bbbb

To set the listener port for the application server, find the Java command line parameter for the application server in the admin console (different location depending on the WebSphere Application Server version) and add the following property:

-Dcom.ibm.CORBA.ListenerPort=cccc

The admin server's bootstrap port is 900 by default, and the admin server's LSD port is 9000 by default.

If WebSphere Application Server security is enabled, the WebSphere Application Server box listens on additional ports which must be opened through the firewall. The admin server listens to the SSL and LSD SSL ports, and the application server listens to its own SSL port. All of these are set randomly by default and must be set to static values to be opened through the firewall. To set the SSL and LSD SSL ports for the admin server, add the following lines to the <WSAS root>/bin/admin.config file:

com.ibm.CORBA.SSLPort=dddd
com.ibm.CORBA.LSDSSLPort=eeee

To set the SSL port for the application server, find the Java command line parameter for the application server in the admin console (different location depending on the WebSphere Application Server version) and add the following property:

-Dcom.ibm.CORBA.SSLPort=ffff

Make sure ports bbbb, cccc, dddd, eeee are all unique unused ports greater than 1023 on the WebSphere Application Server box.
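
The following check is an added example, not part of the original technote or of WebSphere Application Server: it reads the com.ibm.CORBA.*Port properties described above from the admin.config text and the two Java command lines, flags any port left random, not above 1023, or reused on the server box, and lists the ports to open in each direction. The function names, sample port numbers and client class name are assumptions; the bootstrap and LSD ports are taken as the defaults stated above.

```python
import re

# Admin server defaults stated in the technote.
BOOTSTRAP_PORT, LSD_PORT = 900, 9000
PROP = re.compile(r"(?:^|\s)(?:-D)?com\.ibm\.CORBA\.(\w+Port)=(\S+)", re.M)

def corba_ports(text):
    """Map property suffix (e.g. 'ListenerPort') to its value in a config or command line."""
    return dict(PROP.findall(text))

def check(box, settings, names, problems):
    """Validate the named settings for one process; return the usable port numbers."""
    ports = []
    for name in names:
        value = settings.get(name)
        if value is None:
            problems.append(f"{box} {name}: not set, port is chosen randomly")
        elif not value.isdecimal() or not 1023 < int(value) <= 65535:
            problems.append(f"{box} {name}: {value!r} is not a port above 1023")
        else:
            ports.append(int(value))
    return ports

def firewall_plan(admin_config, appserver_args, client_args, security=False):
    """Return the ports to open in each direction plus any settings that need fixing."""
    problems = []
    admin_names = ["ListenerPort"] + (["SSLPort", "LSDSSLPort"] if security else [])
    app_names = ["ListenerPort"] + (["SSLPort"] if security else [])
    server = [BOOTSTRAP_PORT, LSD_PORT]
    server += check("admin", corba_ports(admin_config), admin_names, problems)
    server += check("appserver", corba_ports(appserver_args), app_names, problems)
    client = check("client", corba_ports(client_args), ["ListenerPort"], problems)
    reused = sorted({p for p in server if server.count(p) > 1})
    if reused:
        problems.append(f"server box: port(s) used more than once: {reused}")
    return {"client_to_server": sorted(set(server)), "server_to_client": client,
            "problems": problems}

# Constructed sample inputs (port numbers and the client class name are made up).
ADMIN_CONFIG = """com.ibm.CORBA.ListenerPort=9101
com.ibm.CORBA.SSLPort=9102
com.ibm.CORBA.LSDSSLPort=9103
"""
APPSERVER_ARGS = "-Xms64m -Dcom.ibm.CORBA.ListenerPort=9110 -Dcom.ibm.CORBA.SSLPort=9111"
CLIENT_CMD = "java -Dcom.ibm.CORBA.ListenerPort=9120 SampleEjbClient"

if __name__ == "__main__":
    print(firewall_plan(ADMIN_CONFIG, APPSERVER_ARGS, CLIENT_CMD, security=True))
```

An empty "problems" list means every port in the plan is static, so the firewall rules can be limited to exactly the listed ports instead of a wide range.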

Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, EJB Container
Operating system(s): Multi-Platform
Software version: 3.0.2, 3.0.2.1, 3.0.2.2, 3.0.2.3, 3.0.2.4, 3.5, 4.0
Software edition: Advanced, Single Server
Reference #: 1008407
IBM Group: Software Group
Modified date: 2003-12-12