Firewall Considerations

This section provides an overview of the factors that are to be considered when setting up firewalls in a Performance Monitor environment.

If you require a forward proxy to create a "bridge" for a firewall residing between the monitored system and the monitoring system, configure your web server, application server, and Process Scheduler server accordingly.

Web Server

To set up a forward proxy on WebLogic:

  1. Open the setenv.cmd file.

  2. Set HTTP_PROXY_HTTPHOST and HTTP_PROXY_HTTPPORT, or HTTP_PROXY_ HTTPSHOST and HTTP_PROXY_HTTPSPORT.

  3. Restart the application server and Process Scheduler domain.

Application Server

To configure forward proxy on the application server:

  1. Open the PSAPPSRV.CFG file.

  2. Complete the Proxy Host and Proxy Port under the [PSTOOLS] section.

  3. Restart the application server and Process Scheduler domain.

Note: The agents do not use the Proxy Host settings in the PSAPPSRV.CFG file.

Process Scheduler

To configure forward proxy on the Process Scheduler server:

  1. Open the PSPRCS.CFG file.

  2. Enter the Proxy Host and Proxy Port under the [PSTOOLS] section.

Note: The agents do not use the Proxy Host settings in the PSPRCS.CFG file.

You can't have a firewall between the PSPPMSRV processes and the monitoring web server. When PSPPMSRV starts, it binds to the next free port that is allocated by the operating system. As such, no static port exists. This saves configuring ports for multiple PSPPMSRVs.

The monitor cluster members communicate with each other on their allotted ports. If the cluster members are on different sides of a firewall, then these port numbers need to remain open for HTTP/S.