My job role is slightly different. I'm the de facto technical specialist
for a migration of a major financial system from one data centre to
another. And the security folks felt like they needed to implement an
application firewall in front of the power servers. The power servers live
in quite an extensive ecosystem with Connect:Direct, MQ and sftp. So I've
had the wonderful job of identifying all the up and downstream services
they will be using and on what ports and then making firewall requests to
the network team to open the ports up. Then when the application teams
cannot connect they email me and ask me what I missed out :-( And they
don't always use the application to test but use telnet to confirm that the
ports are open.

And all I can do is use Splunk to look at the firewall logs to see if
packets are being accepted or dropped. And when packets are accepted but
their telnet requests time out, then that's when I have to ask experts!

netstat *CNN did help a great deal and I could see there was nobody
listening on their MQ port. I had the LPAR bounced and it fixed
connectivity but now they are facing MQ config issues which are not my area
of responsibility!

On Tue, May 4, 2021, 7:50 PM Patrik Schindler <poc@xxxxxxxxxx> wrote:

> Hello Laurence,
>
> On 04.05.2021 at 00:00, Laurence Chiu <lchiu7@xxxxxxxxx> wrote:
>
> > I'm not sure what information telnet can provide
>
> See my second message from yesterday. There I explained the details.
>
> > so the firewall rules appeared to be fine but they were still getting
> > connection refused. That led me to consider nobody was listening.
>
> My daily routine (also administering firewalls for customers) is quite
> different. Experience proves that most errors are not a firewall problem.
> Before I even consider logging into the firewall for checking, I request a
> netstat check. Saved me a lot of unnecessary work.
>
> :wq! PoC
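
The triage discussed in this thread (read the connect result and the firewall log verdict together before blaming the firewall), as an added example that is not part of the original messages. `probe` and `triage` are hypothetical names, the firewall verdict is assumed to be read by hand from the firewall logs, and the demo runs against a constructed loopback listener.

```python
import socket

def probe(host, port, timeout=3.0):
    """One TCP connect attempt, classified the way a telnet test should be read."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"         # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"      # RST came back: host reachable, port closed
    except (socket.timeout, TimeoutError):
        return "timeout"      # no answer at all: packets lost somewhere
    except OSError:
        return "unreachable"  # routing or ICMP error before any TCP answer
    finally:
        s.close()

def triage(result, fw_verdict):
    """Pair the probe result with the firewall log verdict for the same flow.

    fw_verdict: "accepted", "dropped", or None when the log has no entry.
    """
    if result == "open":
        return "path and listener are fine; look at the application config"
    if fw_verdict is None:
        return "flow never reached this firewall; check routing and source IP"
    if fw_verdict == "dropped":
        return "firewall rule missing or wrong; fix the firewall request"
    if result == "refused":
        return "no listener on the port; check netstat on the server"
    return "accepted but unanswered; check host filters and the return path"

if __name__ == "__main__":
    # Constructed demo on loopback: a listening port, then the same port closed.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(port, triage(probe("127.0.0.1", port), "accepted"))
    srv.close()
    print(port, triage(probe("127.0.0.1", port), "accepted"))
```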

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.


This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].