Re: ssl telnet vs firewall -- MIDRANGE-L

Le 06/01/2022 à 20:17, Miguel Peralta a écrit :

Hello, i try to convencing, server mapper cannot figures in the list of SSL ports,and they are being picky about it, thanks and reggards

Hello

If you use iACS (and all IBM software from the Client Access heritage), as-svrmap, as-central, as-rmtcmd and as-signon ports openess are mandatory. Then, the port used by the various applications included in the package must be open. If using SQL access, as-database must be open; if using IFS File Access, as-file must be open; if using 5250 emulation, either telnet or telnet-ssl must be open, and so on.

as-svrmap is never encrypted whether or not the other parts of the tool are encrypted or not.
As pointed out by the web page, by default, as-signon port is 8476 for non encrypted traffic and 9476 for encrypted traffic; as-central port is 8470 for non encrypted traffic and 9470 for encrypted traffic; as-rmtcmd port is 8475 for non encrypted traffic and 9475 for encrypted traffic; telnet port is 23 for non encrypted traffic and 992 for encrypted traffic.
Those ports can be overriden to use other ones and this is the role of as-svrmap to provide back to the client the server port of applications. There is no user/password information which flows through as-svrmap. Once the ports are known by the client, as-svrmap is no longer used.

Regarding CWBPING, you can run it with the "connection verification" button.

Note: for a pure 5250 telnet emulation (such as Mochasoft) only 992 port is used when running encrypted traffic.

Hope it helps.

________________________________
De: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> en nombre de Justin Taylor <jtaylor.0ab@xxxxxxxxx>
Enviado: jueves, 6 de enero de 2022 01:02 p. m.
Para: MIDRANGE-L <midrange-l@xxxxxxxxxxxxxxxxxx>
Asunto: Re: ssl telnet vs firewall

The note at the bottom of your link my be important. It mentions telnet
and 449 specifically.

HTH

date: Thu, 6 Jan 2022 18:37:46 +0000

from: Miguel Peralta <Mperalta8@xxxxxxxxxxx>
subject: ssl telnet vs firewall

Hello, I have a situation with the SSL telnet with iseries access for
windows, it is already configured and it works, but wanting to work in a
location that has a firewall does not work, according to the document:

https://www.ibm.com/support/pages/tcpip-ports-required-ibm-i-access-and-related-functions

It only requires enabling the SSL ports, it has already been done but
still does not make a connection, what could be missing?
Additionally, port 449 Server mapper is blocked, would this port be
necessary to add to the firewall policies?

thanks greetings.

PS: I cannot execute CWBPING due to security policies, all types of ping
are blocked

[https://ipmcdn.avast.com/images/icons/icon-envelope-tick-green-avg-v1.png
]<
http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
Libre de virus. www.avg.com<<http://www.avg.com<>
http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com

[https://ipmcdn.avast.com/images/icons/icon-envelope-tick-green-avg-v1.png]<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Libre de virus. www.avg.com<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>