Configuring webMethods EntireX to Run with the Microsoft Windows Personal Firewall

If your machine is already running within a firewall-protected enterprise environment, please contact your system administrator to clarify whether this Windows firewall can be switched off to avoid having to configure it.

Warning:
Disabling the firewall is solely your responsibility as user. Under no circumstances shall Software AG be responsible for any loss or other damages or costs which might occur due to disabling the Windows firewall.

For detailed information on configuring the Windows firewall, see the Microsoft documentation provided with your Windows version. In addition to this information, Software AG provides examples of how to run EntireX in an environment protected by the Windows firewall. However, these examples only provide technical guidelines; Software AG cannot guarantee that the examples given will provide the security you require.

These examples are based on two methods: one to allow a specific executable to open ports, the other to allow a specific port to be used by a certain program on your PC. The methods below use the EntireX Broker kernel as an example. For other EntireX components, see the list of executables and port numbers for the relevant information.

This document contains the following topics:


Method 1 - Allow a Specific Executable to Open a Port

This method involves adding the broker kernel as an "allowed program". This means it can open any port for both TCP and UDP communication.

Start of instruction setTo add the broker kernel as an allowed program

  • Enter command:

    C:\>netsh firewall add allowedprogram program="C:\SoftwareAG\EntireX\bin\etbnuc.exe" name="EntireX Broker Kernel" profile=ALL

Start of instruction setTo remove the broker kernel as an allowed program

  • Enter command:

    C:\>netsh firewall delete allowedprogram program="C:\SoftwareAG\EntireX\bin\etbnuc.exe" profile=ALL

This example is for the EntireX Broker kernel program. To add other EntireX components as allowed programs, see Overview of Executables and Port Numbers below.

Method 2 - Allow a Specific Port to be used on your PC

This method involves opening a specific port for all programs.

Start of instruction setTo open a specific port

  • Enter command:

    C:\>netsh firewall add portopening protocol=TCP port=1971 name="EntireX Broker Kernel" profile=ALL

Start of instruction setTo close a specific port

  • Enter command:

    C:\>netsh firewall delete portopening protocol=TCP port=1971 profile=ALL

This example is for the EntireX Broker kernel program. To open a port for other EntireX components, see Overview of Executables and Port Numbers below.

Overview of Executables and Port Numbers

To run all of EntireX and its subprograms you will need to open a variety of communications ports, depending on the functionality you are using. Below is a list of programs that need to establish communications ports. You may choose which of the programs or ports you want to use on the PC.

It is important to note that the file locations and the port numbers listed are the default settings. These parameters may be customized during the installation process. If you did not install using the default settings, you will need to use your custom parameters.

See Method 1 - Allow a Specific Executable to Open a Port and Method 2 - Allow a Specific Port to be used on your PC for the syntax required.

Component Method 1 Method 2 Notes
Program Name Executable File Location Default Port
Numbers
EntireX Broker Kernel EntireX Broker Kernel etbnuc.exe C:\SoftwareAG\EntireX\bin\ TCP port: 1971
SSL port: 1958
 
EntireX Broker Administration Service EntireX Broker Administration Service etbnuc.exe C:\SoftwareAG\EntireX\bin\ TCP port: 57707
SSL port: 57708
 
EntireX Broker Agent Broker Agent (com.softwareag.
entirex.ba.BrokerAgent)
java.exe %JAVA_HOME%\bin\java.exe
(see note *)
TCP port: 3000 When administrating the EntireX Broker Agent/SSL Broker Agent with System Management Hub, javaw.exe must be allowed. *The Windows Firewall requires the full path name of the javaw.exe. The SMH Broker Agent uses the javaw.exe that is located in the path %CommonProgramFiles%\Software AG\jre<java version>\bin\javaw.exe. This is the javaw.exe that must be allowed.

Method 1 requires that you allow java.exe and/or javaw.exe, which will allow all Java-based programs to open ports. If you do not want to allow this, use method 2 and specify just the port number.

SSL Broker Agent SSL Broker Agent (com.softwareag.
entirex.ba.SSLBrokerAgent)
java.exe %JAVA_HOME%\bin\java.exe TCP port: 1958
Software AG Web Server Software AG Web Server java.exe %JAVA_HOME%\bin\java.exe HTTP: 10010 (Base port)
System Management Hub Web User Interface Ports   C:\SoftwareAG\EntireX\smh\bin HTTP port:10010
HTTPS port:10011
TCP/IP port:10013
You can configure these port numbers during or after installation of System Management Hub. Depending on the components installed, some may not be used.
CS Layer Server argsrv.exe HTTP port:10015
HTTPS port:10012
TCP/IP port:10014

(*) Optional, because this port is used only for outgoing packages.