Configure the iSeries v5r4 to open the HTTPS port for incoming connections

When the HTTPS 443 port is not accessible from interned but is open within the local network, open the port for incoming connections by recognizing the problem as a network firewall issue rather than an iSeries issue.

Scott Ingvaldson

Published: 17 Apr 2009

Our iSeries v5r4 is running on WAS 6.0 and is connected to the internet via L2TP connection without IPSec.

The problem is that the HTTPS 443 port is not accessible from interned, but it is open within the local network. Nmap ports 25, 80, 110 and 10322 (WAS administration console) have state open on the internet IP address.

The HTTPS 443 port has state filtered.

No packet filters are active. My goal is to open the HTTPS 443 port, and close the 10322 ports in internet. However, I'm not sure where or how to configure this.

Activating the following filtering rules causes port 80 to open, and ports 443 and 10322 to be filtered.


# -----------------------------------------------

# Statements to permit inbound HTTP over STATICIP # -----------------------------------------------

FILTER SET HTTP_INBOUND   ACTION = PERMIT   DIRECTION = OUTBOUND   SRCADDR = *   DSTADDR = *   SERVICE = HTTP_80_FS   JRN = OFF

FILTER SET HTTP_INBOUND   ACTION = PERMIT   DIRECTION = INBOUND   SRCADDR = *   DSTADDR = *   SERVICE = HTTP_80_FC   JRN = OFF

FILTER SET HTTP_INBOUND   ACTION = PERMIT   DIRECTION = OUTBOUND   SRCADDR = *   DSTADDR = *   SERVICE = HTTP_443_FS   JRN = OFF

FILTER SET HTTP_INBOUND   ACTION = PERMIT   DIRECTION = INBOUND   SRCADDR = *   DSTADDR = *   SERVICE = HTTP_443_FC   JRN = OFF

FILTER_INTERFACE   INTERFACE = STATICIP   SET = HTTP_INBOUND

# -----------------------------------------------

How can I open the HTTPS port for incoming connections?

Packet rules are fairly complicated. My systems have about three pages of rules each, and there is no way I can tell what is going on without seeing the whole file.  That said, since you say that "HTTPS 443 port is not accessible from interned, but it is open within the local network," I suspect that this is a network firewall issue rather than an iSeries problem.

Dig Deeper on Physical connections to iSeries

Follow this Terraform and AWS tutorial to create a VPC As an infrastructure-as-code tool, Terraform simplifies and streamlines resource deployments. Follow along with this example, which features Amazon VPCs, to get started.

How to configure SSL on IIS with PowerShell SSL encryption is a necessary component when building an IIS website that communicates with the outside world. Use this PowerShell tutorial to streamline the deployment process.

SRM Communications – TCP 80/443 During the install the communication to vCenter appears to be non-secured on TCP port 80, but after the install is on the secured port of TCP 443.

Network session data analysis with Snort and Argus This tip explains how to use flow/session data can complement the alert data supplied by the Snort intrusion detection system for network session data analysis.

Network session data analysis with Snort and Argus This edition of Snort Report departs from the standard format to introduce Argus, a session data collecting tool that can work alongside Snort. Learn how session data can complement Snort's alert data for network session analysis

Ingress firewall rules for the Cisco Security Monitoring, Analysis, and Response System Ingress traffic is traffic that is inbound from a less-trusted network, through a firewall, and on to the Cisco Security Monitoring, Analysis, and Response System. Learn how to configure your customer's ingress firewall rules to reduce the risk of malicious traffic coming from these less-trusted networks.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our AS/400 experts

View all AS/400 questions and answers

Configure the iSeries v5r4 to open the HTTPS port for incoming connections

When the HTTPS 443 port is not accessible from interned but is open within the local network, open the port for incoming connections by recognizing the problem as a network firewall issue rather than an iSeries issue.

Dig Deeper on Physical connections to iSeries

Related Q&A from Scott Ingvaldson

Extend storage capacity on an IBM i without negatively effecting system performance

Transfer files from one environment to another without closing all other AS/400 sessions

Send a *LMSG successfully on AS/400 using the SNDDST command

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchDataCenter

Refresh your data center cooling lexicon

Comparing Linux distributions: Red Hat vs. Ubuntu

Get eco-friendly with LEED data center certification

Dig Deeper on Physical connections to iSeries

Related Q&A from Scott Ingvaldson

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.