Skip to Main Content
Return to Navigation

Firewall Considerations

When setting up firewalls in a Performance Monitor environment, consider:

Agent Communication with the Monitor Servlet

If you require a forward proxy to create a "bridge" for a firewall residing between the monitored system and the monitoring system, configure your web server, application server, and Process Scheduler server accordingly.

Web Server

The process varies depending on which web server you use.

To set up a forward proxy on WebLogic:

  1. Open the setenv.cmd file.

  2. Set HTTP_PROXY_HTTPHOST and HTTP_PROXY_HTTPPORT, or HTTP_PROXY_ HTTPSHOST and HTTP_PROXY_HTTPSPORT.

  3. Restart the application server and Process Scheduler domain.

To set up a forward proxy on WebSphere:

  1. Open WebSphere Administration console at http://<machine-name>:9090/admin and login.

  2. Expand Servers, Application Servers, server1, Process Definition, JavaVirtualMachine, CustomProperties.

  3. Click New Key,Value pair and add the following new pairs:

    • Key="http.proxyHost", Value="<forward proxy hostname>"

    • Key="http.proxyPort", Value="<forward proxy HTTP port>"

    • Key="https.proxyHost", Value="<forward proxy hostname>"

    • Key="https.proxyPort", Value="<forward proxy HTTPS port>"

  4. Save the configuration changes and logout.

  5. Restart WebSphere.

Application Server

To configure forward proxy on the application server:

  1. Open the PSAPPSRV.CFG file.

  2. Complete the Proxy Host and Proxy Port under the [PSTOOLS] section.

  3. Restart the application server and Process Scheduler domain.

Note: The agents do not use the Proxy Host settings in the PSAPPSRV.CFG file.

Process Scheduler

To configure forward proxy on the Process Scheduler server:

  1. Open the PSPRCS.CFG file.

  2. Enter the Proxy Host and Proxy Port under the [PSTOOLS] section.

Note: The agents do not use the Proxy Host settings in the PSPRCS.CFG file.

PSPPMSRV Communication with the Monitor Servlet

You can't have a firewall between the PSPPMSRV processes and the monitoring web server. When PSPPMSRV starts, it binds to the next free port that is allocated by the operating system. As such, no static port exists. This saves configuring ports for multiple PSPPMSRVs.

Monitor Cluster Members

The monitor cluster members communicate with each other on their allotted ports. If the cluster members are on different sides of a firewall, then these port numbers need to remain open for HTTP/S.