So you are going to allow ANYONE through your firewall on the ACS ports -
no security except user name and password?
I hope you have good password policies and all default user profile
passwords have been changed.
Would not be my recommendation.
Cheers
Don Brown
From: "Steinmetz, Paul via MIDRANGE-L" <midrange-l@xxxxxxxxxxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
Date: 21/04/2020 07:20 AM
Subject: Ports needed for ACS when working from home over VPN
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx>
We are now starting to allow users to WFH without using RDP, via VPN.
Many ports need to be enabled on the firewall for remote access.
I found the link below, not sure if this was a complete list.
TCP/IP Ports Required for IBM i Access and Related Functions
https://www.ibm.com/support/pages/tcpip-ports-required-ibm-i-access-and-related-functions
The following table lists the ports that IBM i Access and related
functions use for communication with the IBM i OS System:
PC Function                           Server Name   Port Non-SSL    Port SSL
------------------------------------  ------------  --------------  --------------
Server Mapper                         as-svrmap     449             ---
License Management                    as-central    8470            9470
Database Access                       as-database   8471            9471
Data Queues                           as-dtaq       8472            9472
IFS Access using System i Navigator   as-file       8473            9473
Network Printers                      as-netprt     8474            9474
Remote Command                        as-rmtcmd     8475            9475
Signon Verification                   as-signon     8476            9476
Telnet (5250 Emulation)               telnet        23              992
Navigator for i (web)                 as-nav        2004            2005
HTTP Administration                   as-admin      2001            2010
POP3 (MAPI)                           pop3          5010            ---
Management Central                    as-mgtc >     5555 and 5544   5566 and 5577
Ultimedia Services                    as-usf        8480            9480
DDM/DRDA                              DDM/DRDA      446             448
NetServer                             netbios >     137             ---
NetServer                             CIFS          445             ---
NetServer                             netbios >     139             ---
Service Tools Server                  as-sts        3000            ---
DHCP Monitor                          ---           ---             942
RUNRMTCMD                             REXEC         512             ---
If any of the above ports are restricted using a firewall or any other
mechanism, IBM i Access or related functions may fail to operate. For
assistance with configuring ports or working with a firewall beyond the
above information, contact the firewall provider or obtain a consulting
agreement.
Note:
The following ports are common to most IBM i Access Client products such
as ODBC, Telnet and other specific functions:
Port 449 is used to look up service by name and return the port number.
Ports 8470 and 9470 (TLS/SSL) are used for host code page translation
tables and licensing functions.
Ports 8475 and 9475 (TLS/SSL) are used to check for application
administration restrictions.
Ports 8476 and 9476 (TLS/SSL) are used for checking signon verification to
authenticate.
Depending on your needs you may only need the above ports and the port(s)
for your function/application.
Thank You
_____
Paul Steinmetz
IBM i Systems Administrator
Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071
610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home
psteinmetz@xxxxxxxxxx
http://www.pencor.com/
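
Added example (not part of the original message or of IBM's page): a small Python helper that applies the Note above, taking the common servers plus the servers for the functions actually in use, preferring the SSL column, and reporting ports that have no TLS variant in the table. The function names, the nftables rule form and the VPN pool 10.8.0.0/24 are assumptions made for illustration.

```python
# Port table transcribed from the IBM list quoted above: name -> (non-SSL, SSL).
# None means the table shows "---" for that column.
PORTS = {
    "as-svrmap":   (449, None),
    "as-central":  (8470, 9470),
    "as-database": (8471, 9471),
    "as-dtaq":     (8472, 9472),
    "as-file":     (8473, 9473),
    "as-netprt":   (8474, 9474),
    "as-rmtcmd":   (8475, 9475),
    "as-signon":   (8476, 9476),
    "telnet":      (23, 992),
    "as-nav":      (2004, 2005),
    "as-admin":    (2001, 2010),
    "DDM/DRDA":    (446, 448),
}
# Servers the Note says most IBM i Access Client products need.
COMMON = ["as-svrmap", "as-central", "as-rmtcmd", "as-signon"]


def allow_list(functions, tls_only=True):
    """Return (ports, cleartext): ports to open, and those that are non-SSL."""
    ports, cleartext = set(), set()
    for name in dict.fromkeys(COMMON + list(functions)):
        plain, tls = PORTS[name]  # KeyError for a server not in the table
        if tls is not None:
            ports.add(tls)
        if tls is None or not tls_only:
            # Either no TLS variant exists, or cleartext was asked for too.
            ports.add(plain)
            cleartext.add(plain)
    return sorted(ports), sorted(cleartext)


def nft_rule(vpn_subnet, ports):
    """Render one nftables accept rule limited to the VPN address pool."""
    return "ip saddr %s tcp dport { %s } accept" % (
        vpn_subnet, ", ".join(str(p) for p in ports))


if __name__ == "__main__":
    # Constructed scenario: 5250 emulation plus ODBC from pool 10.8.0.0/24.
    ports, cleartext = allow_list(["telnet", "as-database"])
    print(nft_rule("10.8.0.0/24", ports))
    print("non-SSL ports still opened:", cleartext)
```
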