If your machine is already running within a firewall-protected enterprise environment, please contact your system administrator to clarify whether this Windows firewall can be switched off to avoid having to configure it.
Warning: Disabling the firewall is solely your responsibility as user. Under no circumstances shall Software AG be responsible for any loss or other damages or costs which might occur due to disabling the Windows firewall. |
For detailed information on configuring the Windows firewall, see the Microsoft documentation provided with your Windows version. In addition to this information, Software AG provides examples of how to run EntireX in an environment protected by the Windows firewall. However, these examples only provide technical guidelines; Software AG cannot guarantee that the examples given will provide the security you require.
These examples are based on two methods: one to allow a specific executable to open ports, the other to allow a specific port to be used by a certain program on your PC. The methods below use the EntireX Broker kernel as an example. For other EntireX components, see the list of executables and port numbers for the relevant information.
This document contains the following topics:
This method involves adding the broker kernel as an "allowed program". This means it can open any port for both TCP and UDP communication.
To add the broker kernel as an allowed program
Enter command:
C:\>netsh firewall add
allowedprogram program="C:\SoftwareAG\EntireX\bin\etbnuc.exe" name="EntireX
Broker Kernel" profile=ALL |
To remove the broker kernel as an allowed program
Enter command:
C:\>netsh firewall delete
allowedprogram program="C:\SoftwareAG\EntireX\bin\etbnuc.exe"
profile=ALL |
This example is for the EntireX Broker kernel program. To add other EntireX components as allowed programs, see Overview of Executables and Port Numbers below.
This method involves opening a specific port for all programs.
To open a specific port
Enter command:
C:\>netsh firewall add portopening
protocol=TCP port=1971 name="EntireX Broker Kernel" profile=ALL |
To close a specific port
Enter command:
C:\>netsh firewall delete
portopening protocol=TCP port=1971 profile=ALL |
This example is for the EntireX Broker kernel program. To open a port for other EntireX components, see Overview of Executables and Port Numbers below.
To run all of EntireX and its subprograms you will need to open a variety of communications ports, depending on the functionality you are using. Below is a list of programs that need to establish communications ports. You may choose which of the programs or ports you want to use on the PC.
It is important to note that the file locations and the port numbers listed are the default settings. These parameters may be customized during the installation process. If you did not install using the default settings, you will need to use your custom parameters.
See Method 1 - Allow a Specific Executable to Open a Port and Method 2 - Allow a Specific Port to be used on your PC for the syntax required.
Component | Method 1 | Method 2 | Notes | |||
---|---|---|---|---|---|---|
Program Name | Executable | File Location | Default Port Numbers |
|||
EntireX Broker Kernel | EntireX Broker Kernel | etbnuc.exe | C:\SoftwareAG\EntireX\bin\ | TCP port: 1971 SSL port: 1958 |
||
EntireX Broker Administration Service | EntireX Broker Administration Service | etbnuc.exe | C:\SoftwareAG\EntireX\bin\ | TCP port: 57707 SSL port: 57708 |
||
EntireX Broker Agent | Broker Agent (com.softwareag. entirex.ba.BrokerAgent) |
java.exe | %JAVA_HOME%\bin\java.exe (see note *) |
TCP port: 3000 | When administrating the EntireX
Broker Agent/SSL Broker Agent with System Management Hub,
javaw.exe must be allowed. *The Windows Firewall requires
the full path name of the javaw.exe. The SMH Broker Agent
uses the javaw.exe that is located in the path
%CommonProgramFiles%\Software AG\jre<java
version>\bin\javaw.exe. This is the
javaw.exe that must be allowed.
Method 1 requires that you allow java.exe and/or javaw.exe, which will allow all Java-based programs to open ports. If you do not want to allow this, use method 2 and specify just the port number. |
|
SSL Broker Agent | SSL Broker Agent (com.softwareag. entirex.ba.SSLBrokerAgent) |
java.exe | %JAVA_HOME%\bin\java.exe | TCP port: 1958 | ||
Software AG Web Server | Software AG Web Server | java.exe | %JAVA_HOME%\bin\java.exe | HTTP: 10010 (Base port) | ||
System Management Hub | Web User Interface Ports | C:\SoftwareAG\EntireX\smh\bin | HTTP port:10010 HTTPS port:10011 TCP/IP port:10013 |
You can configure these port numbers during or after installation of System Management Hub. Depending on the components installed, some may not be used. | ||
CS Layer Server | argsrv.exe | HTTP port:10015 HTTPS port:10012 TCP/IP port:10014 |
(*) Optional, because this port is used only for outgoing packages.