
Firewall Settings (Magic xpi 4.13)

Created By: Salesforce Service User
Approval Process Status: Published

This topic describes the changes that you need to make to set fixed ports for the GigaSpaces infrastructure.

For the three-node cluster covered in this document, the recommendation is to enable LRMI_PORT_RANGE to set a fixed range of ports and to define a fixed port for the WEBSTER_PORT property. These are the ports that will be opened in the firewall, as explained below.

There are three settings that should be enabled:

  1. DISCOVERY_PORT – The discovery listening port.

  2. LRMI_PORT_RANGE – The range of ports for the LRMI (the protocol for internal communication between grid components).

  3. WEBSTER_PORT – You need to set this port if you want to use a firewall between cluster nodes and not only between the requester and the cluster (available since version 4.5).

These settings are disabled by default in the magicxpi_setenv.bat file (located in the <Magic xpi installation>\Runtime\Gigaspaces-xpi\bin folder). The settings can be enabled separately. This means that, for example, if you want to keep the default discovery port and Webster port, and only configure the range of ports for the LRMI, you can enable only the LRMI settings.

If the discovery port is set to a port other than the GigaSpaces default port (4174 in XAP 9.1), you must also change the value of the locators to use the port that you defined.

The most common scenario is to have all GigaSpaces entities behind the firewall, with only the Web requester or the Web services requester in the DMZ. The firewall settings should be as follows:

  1. All GigaSpaces nodes should be configured in unicast discovery mode, and multicast should be disabled.

  2. The discovery port, the LRMI range and the Webster port should be set statically.

  3. The firewall rules for incoming traffic should include an open TCP port (for both inbound and outbound) for each statically defined listener port.

  4. The range of port numbers should be above 1024 and below 65536. Only free unassigned ports are allowed. The recommended port ranges are above 7100 in free unassigned IANA ranges (7102-7120, 7130-7160, 7167-7173, 7175-7199, 7228-7271, 7282-7299, 7366-7390..., 47558-47623, 47625-47805, 47809-47999, 48004-48127, 48620-49150).
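
The port rules above can be checked before the firewall change is requested. The following is an added example, not part of the original article or of Magic xpi: the function names and the sample plan are assumptions, and it knows only the ranges the article lists.

```python
# Added example (not Magic xpi or GigaSpaces code): validate a planned port
# assignment against the rules on this page and list the TCP openings needed.
DEFAULT_DISCOVERY_PORT = 4174  # GigaSpaces default in XAP 9.1, per the page

# Recommended free IANA ranges as listed on the page; the page abridges the
# list with "...", so a port outside these is a warning, not an error.
RECOMMENDED = [
    (7102, 7120), (7130, 7160), (7167, 7173), (7175, 7199), (7228, 7271),
    (7282, 7299), (7366, 7390), (47558, 47623), (47625, 47805),
    (47809, 47999), (48004, 48127), (48620, 49150),
]


def parse_range(text):
    """Parse 'low-high' (or a single port) into an inclusive (low, high) pair."""
    low, _, high = str(text).strip().partition("-")
    low, high = int(low), int(high or low)
    if low > high:
        raise ValueError(f"range start exceeds end: {text}")
    return low, high


def check_plan(discovery_port, lrmi_port_range, webster_port):
    """Return (errors, warnings, openings) for the three listener settings."""
    listeners = {
        "DISCOVERY_PORT": parse_range(discovery_port),
        "LRMI_PORT_RANGE": parse_range(lrmi_port_range),
        "WEBSTER_PORT": parse_range(webster_port),
    }
    errors, warnings = [], []
    for name, (low, high) in listeners.items():
        if low <= 1024 or high >= 65536:
            errors.append(f"{name}: ports must be above 1024 and below 65536")
        elif name == "DISCOVERY_PORT" and low == DEFAULT_DISCOVERY_PORT:
            continue  # keeping the default discovery port is allowed
        elif not any(a <= low and high <= b for a, b in RECOMMENDED):
            warnings.append(f"{name}: {low}-{high} is outside the listed ranges")
    if listeners["DISCOVERY_PORT"][0] != DEFAULT_DISCOVERY_PORT:
        warnings.append("DISCOVERY_PORT changed: update the locators to match")
    # One TCP opening (inbound and outbound) per statically defined listener.
    openings = [f"{lo}/tcp" if lo == hi else f"{lo}-{hi}/tcp"
                for lo, hi in sorted(listeners.values())]
    return errors, warnings, openings


if __name__ == "__main__":
    # Constructed sample plan: default discovery port, LRMI range and Webster
    # port taken from the recommended ranges.
    print(check_plan(4174, "7102-7120", 7130))
```

An empty error list means the plan satisfies the above-1024 and below-65536 rule; the openings list is what the firewall rule set should contain and nothing more.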
