Thanks for the reply. The first file was much easier to read.
Ports 80 and 443 are open outbound through the firewall. And I forgot that
all ports are open outbound for the System i.
Doesn't explain what's going on with VFYSRVCFG though. Haven't had a
chance to look at that. We have a 3rd party for HW service (though we do
have SWMA with IBM). Wonder if that's it?
On Thu, Dec 5, 2013 at 12:06 PM, CRPence <CRPbottle@xxxxxxxxx> wrote:
On 04-Dec-2013 13:21 -0800, Jeff Crosby wrote:
We have a new firewall and I began wondering what port(s) were used
for these. In this manual:
it says use VFYSRVCFG to check. That does not work for me. The job
message queue wraps. And wraps. And wraps.
Any errors logged? Perhaps a fast exception loop; the same message
repeatedly? No apparent matching error description there, but the
command name is listed in one of the PTFs of each list below, but that
is on C2115710:
_i Recommended Fixes for Electronic Services for Release 7.1 i_
_i Recommended Fixes for ECS for Release 7.1 i_
So I found, in this same manual, that this file:
contains the port. I found a line that says port 19285. Can anyone
Supposedly the following document has the information that is quoted
in snippets beneath... but seems the IBM support portal or my access is
broken presently [that issue cleared up since last night], so I got a
cached copy; note that a slightly different file name is noted there,
than shown above:
IBM i Electronic Service Agent
Software version: 5.3.0, 5.4.0, 6.1.0, 7.1.0
Reference #: N1018980 Modified date: 2013-07-26
Title: Electronic Service Agent (ESA) and Electronic Customer Support
(ECS) VPN and HTTP Firewall Settings
This document provides information for properly setting the firewall to
allow Virtual Private Network (VPN) and HTTP ESA (IBM Electronic Service
Agent) and ECS connections.
_Determine the IBM Service Destination Addresses_
To find the exact IBM Service Destination addresses that might be used
for HTTP and HTTPs traffic, the service provider location definition
files can be browsed.
The files available for this on the system are located at:
1. For each option, type WRKLNK, followed by the full path. This will go
directly to the noted file.
2. If using WRKLNK, taking Option 5 through the path and using F22 on
the file will show the full name.
Note: This file is written in a more readable format than the file noted
in Option 2.
This option is only available if a client installs PTFs SI34505 (V5R4)
or SI34552 (V6R1). These PTFs are noted as required, so all systems
should have this option.
Complete example of WRKLNK
file described above in Option 1, the following IP addresses can be
utilized for ECS and ESA functions:
Configuration Date: 2012-05-02
IP Address TCP Port Destination
---------- -------- -----------
188.8.131.52 19285 URSF_1
184.108.40.206 19285 URSF_2
220.127.116.11 443 Bulk_Data_1
18.104.22.168 443 Bulk_Data_2
22.214.171.124 80 Doc_Update_1
126.96.36.199 80 Doc_Update_2
188.8.131.52 80 Fix_Repository_1
... ... ...
184.108.40.206 443 Gateway_1
220.127.116.11 443 Gateway_2
18.104.22.168 443 Inventory_Report_1
22.214.171.124 443 Inventory_Report_2
126.96.36.199 443 Problem_Report_1
... ... ...
Attached document contains a List of IP addresses used by ECS/ESA for
ports 80 and 443, sorted by IP address.
Note: When using this option, all IP addresses must be allowed in the
site firewall rules, omitting any may cause connection attempts to fail.
_ECS IP Addresses for port 80 443.doc_
For information about VPN security, refer to the InfoCenter by release:
Electronic Service Agent (ESA) security information:
Note: If a Remote or Multi-hop or Multihop connection is being used
(RMTSYS) in CRTSRVCFG, port 1701 must be open for UDP communication
between the source and remote servers. If a HTTP proxy is being used,
the default port for *IBMSVR is port 5026
At R710, the Verify Service Configuration command has been enhanced to
do additional connection tests:
Document N1010854 , Verify Service Configuration Enhancements:
Verify Service Configuration Enhancements
Historical Number: KB 419109186"
Before finding the above document, which may be what is required, I
was originally going to respond with the following:
The port configuration may depend on what was specified on the Change
Service Configuration (CHGSRVCFG) or the Create Service Configuration
(CRTSRVCFG) command? See the Proxy server (PROXY) parameter and the
Connection point proxy (CNNPNTPRX) for the "Port number" on each. The
default is the special value *IBMSVR, but a specific number can be
The Service and Support proxy server will accept connections using
the default port.
Specifies the port number on which the Service and Support proxy
server will accept connections.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives