MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » December 2013

Re: ESA (Electronic Service Agent ports)



fixed

On 04-Dec-2013 13:21 -0800, Jeff Crosby wrote:
<<SNIP>>

We have a new firewall and I began wondering what port(s) were used
for these. In this manual:

http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/topic/rzaji/rzaji.pdf

it says use VFYSRVCFG to check. That does not work for me. The job
message queue wraps. And wraps. And wraps.

Any errors logged? Perhaps a fast exception loop; the same message repeatedly? No apparent matching error description there, but the command name is listed in one of the PTFs of each list below, but that is on C2115710:

<www.ibm.com/support/docview.wss?uid=nas10f566401d222c98a86257714007c5d80>
_i Recommended Fixes for Electronic Services for Release 7.1 i_

<www.ibm.com/support/docview.wss?uid=nas17b124b45e2a7eafb862577140079cc9a>
_i Recommended Fixes for ECS for Release 7.1 i_

So I found, in this same manual, that this file:

/qibm/userdata/os400/universalconnection/serviceProviderIBM.xml

contains the port. I found a line that says port 19285. Can anyone
confirm?

Supposedly the following document has the information that is quoted in snippets beneath... but seems the IBM support portal or my access is broken presently [that issue cleared up since last night], so I got a cached copy; note that a slightly different file name is noted there, than shown above:

www.ibm.com/support/docview.wss?uid=nas8N1018980
IBM i Electronic Service Agent
Software version: 5.3.0, 5.4.0, 6.1.0, 7.1.0
Reference #: N1018980 Modified date: 2013-07-26
Title: Electronic Service Agent (ESA) and Electronic Customer Support (ECS) VPN and HTTP Firewall Settings
Technote (troubleshooting)
"Problem(Abstract)

This document provides information for properly setting the firewall to allow Virtual Private Network (VPN) and HTTP ESA (IBM Electronic Service Agent) and ECS connections.
...
_Determine the IBM Service Destination Addresses_
To find the exact IBM Service Destination addresses that might be used for HTTP and HTTPs traffic, the service provider location definition files can be browsed.

The files available for this on the system are located at:
WRKLNK '/qibm/userdata/os400/universalconnection'

Notes:

1. For each option, type WRKLNK, followed by the full path. This will go directly to the noted file.
2. If using WRKLNK, taking Option 5 through the path and using F22 on the file will show the full name.

Option 1:

'/qibm/userdata/os400/universalconnection/serviceProviderIBMLocationDefinition.txt'
Note: This file is written in a more readable format than the file noted in Option 2.

This option is only available if a client installs PTFs SI34505 (V5R4) or SI34552 (V6R1). These PTFs are noted as required, so all systems should have this option.

+ Example

Option 2:

'/qibm/userdata/os400/universalconnection/serviceProviderIBMLocationDefinition.xml'

...
Complete example of WRKLNK '/qibm/userdata/os400/universalconnection/serviceProviderIBMLocationDefinition.txt file described above in Option 1, the following IP addresses can be utilized for ECS and ESA functions:

Configuration Date: 2012-05-02

IP Address TCP Port Destination
---------- -------- -----------
198.74.67.240 19285 URSF_1
198.74.71.240 19285 URSF_2
170.225.15.41 443 Bulk_Data_1
192.109.81.20 443 Bulk_Data_2
129.42.160.48 80 Doc_Update_1
207.25.252.200 80 Doc_Update_2
170.225.15.107 80 Fix_Repository_1
... ... ...
207.25.252.197 443 Gateway_1
129.42.160.51 443 Gateway_2
207.25.252.197 443 Inventory_Report_1
129.42.160.51 443 Inventory_Report_2
129.42.26.224 443 Problem_Report_1
... ... ...
...
Attached document contains a List of IP addresses used by ECS/ESA for ports 80 and 443, sorted by IP address.
Note: When using this option, all IP addresses must be allowed in the site firewall rules, omitting any may cause connection attempts to fail.
_ECS IP Addresses for port 80 443.doc_
<http://www.ibm.com/support/docview.wss?uid=nas8N1018980&aid=5>

For information about VPN security, refer to the InfoCenter by release:
...
Electronic Service Agent (ESA) security information:
http://www.ibm.com/support/esa/security.htm
...
Note: If a Remote or Multi-hop or Multihop connection is being used (RMTSYS) in CRTSRVCFG, port 1701 must be open for UDP communication between the source and remote servers. If a HTTP proxy is being used, the default port for *IBMSVR is port 5026
...
At R710, the Verify Service Configuration command has been enhanced to do additional connection tests:
Document N1010854 , Verify Service Configuration Enhancements:
<http://www.ibm.com/support/docview.wss?uid=nas8N1010854>
Verify Service Configuration Enhancements

Historical Number: KB 419109186"


Before finding the above document, which may be what is required, I was originally going to respond with the following:

The port configuration may depend on what was specified on the Change Service Configuration (CHGSRVCFG) or the Create Service Configuration (CRTSRVCFG) command? See the Proxy server (PROXY) parameter and the Connection point proxy (CNNPNTPRX) for the "Port number" on each. The default is the special value *IBMSVR, but a specific number can be specified 1-65535.

*IBMSVR
The Service and Support proxy server will accept connections using the default port.
1-65535
Specifies the port number on which the Service and Support proxy server will accept connections.






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact