iProcess RPC and Firewall Access

When an iProcess Workspace and the iProcess Engine are separated by a firewall, the iProcess Suite can fail because its communication method (remote procedure calls - RPC) is stopped by the firewall filter. Because iProcess Engine RPC services are allocated dynamically, the firewall filter is not set up to open all ports that the iProcess Engine is using. Not all the ports will be open because the firewall administrator has set up certain restrictions to enable security on the network.

The RPC numbers are allocated dynamically so there is no fixed set of RPC numbers for a firewall administrator to add to the filter. If the ports used are not opened on the firewall, the iProcess Workspace and iProcess Engine cannot communicate because data requests are denied by the firewall. For the iProcess Engine to operate in this environment, the firewall administrator needs to know what ports the iProcess Engine is using so that iProcess RPC calls can be filtered through.

You can set up the iProcess Engine to use a specific range of ports and/or RPC numbers so that the firewall administrator has a range of port numbers to add to the firewall filter. You can use one or both of the following methods to do this:

Port range filtering
RPC number filtering.

You use the SWDIR\util\swadm utility to configure port range and/or RPC number filtering. For more information, see the “Administering Firewalls” in the TIBCO iProcess Engine: Administrator's Guide.