Maximo Mobile Work Manager 7.5.2 with Agentry server 6.0.42: ports to open in firewall
We are currently running Maximo Mobile Work Manager 7.5.2 on stand-alone Agentry server 6.0.42, with back-end Maximo 22.214.171.124.
A single Agentry server resides in the DMZ, and the client is a Samsung Galaxy tab 2 tablet with Work Manager 6.0.38.
We are using Websphere with LDAP authentication.
It's been working just fine for the past 1.5 years.
Yes, we will be planning an upgrade to the SMP 3 platform later this year.
Today, there is a rule in the firewall that allow any TCP connections from the Maximo Mobile server to the Maximo application server, no ports numbers are specified.
However, the network security team has asked us to narrow it down to the port numbers.
I have attached a copy of our network architecture.
We've been reading several articles from your web site, including:
And also an IBM article: http://www-01.ibm.com/support/docview.wss?uid=swg21262022
That being said, we have open the port that is defined in the javabe.ini as the bootstrap address, in our example, port 2809
We also have defined and open the 2 ports below defined in the System properties of Maximo.
However, after opening those 3 ports in the firewall and launching the Agentryserver.exe, as soon as I tried to synchronize with the ATE, there is a 4th port that is needed, and apparently it is a dynamic one, every time you restart the Maximo application server, a different port number is assigned.
It seems to be a port that Maximo/Websphere uses to authenticate the user when it connects to the LDAP server, I have attached a log file that the network team was able to pull during the synchronization (logMMWM.txtr).
The port used was 46776 and was just used to authenticate the user, after that only 13400 and 14000 were used.
As you can see in the log attached, it refers to ldap.airliquide.com:389 which is our ldap host name and port number, that's why I'm saying this port 46776 is only used for authentication.
Do you have any ideas where that port can be defined and made static instead of dynamic, so that way we can add it to the firewall rule?
Thanks for your help and input,