Firewall Settings (Magic xpi 4.1)
This topic describes the changes that you need to make to set fixed ports for the GigaSpaces infrastructure.
There are two settings that should be enabled:
-
The discovery listening port.
-
The range of ports for the LRMI (the protocol for internal communication between grid components).
Both settings are disabled by default in the magicxpi_setenv.bat file. They can both be enabled separately. This means that if you want to keep the default discovery port, and only configure the range of ports for the LRMI, you can enable only the LRMI settings.
|
Note:
|
If the discovery port is set to a port other than the GigaSpaces default port (4174 in XAP 9.1), you must also change the value of the locators to use the port that you defined.
|
|
The most common scenario is to have all GigaSpaces entities behind the firewall, with only the Web requester or the Web services requester are in the DMZ. The firewall settings should be as follows:
-
All GigaSpaces nodes should be configured in unicast discovery mode, and multicast should be disabled. Click here for more information.
-
The discovery port and the LRMI range should be set statically.
-
The firewall rules for incoming traffic should include an open TCP port for each statically defined listener port.
-
The range of port numbers should be above 1024 and below 65536. Only free unassigned ports are allowed. The recommended port ranges are above 7100 in free unassigned IANA ranges (7102-7120, 7130-7160, 7167-7173, 7175-7199, 7228-7271, 7282-7299, 7366-7390..., 47558-47623, 47625-47805, 47809-47999, 48004-48127, 48620-49150).
