2 Replies Latest reply on Jan 28, 2011 2:07 PM by Dan Linder

    Application Server in a DMZ

    Jeff Schwartzkopf

      We're trying to put an application in a DMZ.  Having trouble identifying the ports that should be open for the intra-application server communication.  Does anyone know exactly what ports need to be open between the application servers?


      This application server will not be accepting console connections, so I don't think we need port 9841 or 9840 open.


      It looks like we need port 9836 open between the application servers.  Where I get confused is when the admin guide says...


      "This port is used in a multiple Application Server configuration for Application Server to Application Server communication. It is used in conjunction with the RMI Execution Port 9850+ (which is obtained from the MaxPort/MinPort range when the Application Server starts)."


      Do we also need to open all ports in the MinPort to MaxPort range?  Sounds like it.


      I am also confused on port 9831.  We will have provisioning clients in the DMZ report to the local application server on port 9831 (via DHCP option); however, will port 9831 need to be opened between the application server in the DMZ and the other application servers?  I don't think this is the case, but would like to confirm.


      The 9700-9702 ports appear to be for console communication only, so I don't think we need to open those ports up.


      So what it looks like to me is that we need to open up port 9836 AND the MinPort-MaxPort range between the application servers.  Am I missing anything?


      Any input would be appreciated.