Firewall Considerations
You must conform to the following firewall rules for Connection Manager to operate correctly:
- TIBCO MFT Command Center must be able to open TCP connections to CMS, CMA, and Internet Server.
CMS generally executes in the internal network on port 48443; CMA generally executes in the DMZ on port 48443; Internet Server generally executes in the DMZ on port 443 or 7443.
If these ports are not open, Connection Manager can still operate, but you cannot use TIBCO MFT Command Center to configure the Connection Manager nodes. Normal TIBCO MFT Command Center and Internet Server definitions still work. However, if you want to change the ports on a CMA or Internet Server, you must make the changes directly in the .xml configuration files. For more information about the configuration files, see Connection Manager Configuration Files.
- CMS must be able to open TCP connections to CMA on ports 48000 and 48001. If not, Connection Manager does not work.
- Internet Server must be able to open TCP connections to CMA on port 41080. If not, Connection Manager does not work.
- CMS must be able to open TCP connections to internal servers. If not, Connection Manager requests to that server do not work.
- Server shutdown ports (generally 48005) do not have to be allowed by the firewall. Internet Server, CMA, and CMS shutdown ports are typically used by shutdown scripts executing on the instance where the Internet Server, CMA, or CMS server is executing.
- When a connection is active between a CMS and a CMA, CMA initiates heartbeat requests to CMS every 45 seconds. If a response is not received within 45 seconds, CMA breaks the connection to CMS and waits for CMS to establish a new connection to CMA.
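
The rules above can be checked before go-live with a small preflight script. The following is an added example, not part of the TIBCO product or its documentation: it encodes the required flows from this list and probes only the ones that originate from the host it runs on. The role labels, the `check_from` and `tcp_open` names, and the hostnames are assumptions chosen for illustration; the ports are the general defaults stated above.

```python
"""Added example: preflight check for the Connection Manager firewall rules."""
import socket
import sys

IS_PORT = 443  # Internet Server listens on 443 or 7443; set to match your install

# (source role, destination role, port, impact if blocked), taken from the list above.
# Ports are the documented general defaults; role names are labels chosen here.
REQUIRED_FLOWS = [
    ("command-center", "cms", 48443, "cannot configure this node from Command Center"),
    ("command-center", "cma", 48443, "cannot configure this node from Command Center"),
    ("command-center", "internet-server", IS_PORT, "cannot configure this node from Command Center"),
    ("cms", "cma", 48000, "Connection Manager does not work"),
    ("cms", "cma", 48001, "Connection Manager does not work"),
    ("internet-server", "cma", 41080, "Connection Manager does not work"),
]

# Constructed placeholder hostnames; replace with your own.
HOSTS = {"cms": "cms.example.invalid", "cma": "cma.example.invalid",
         "internet-server": "is.example.invalid"}


def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolved
        return False


def check_from(role, hosts, probe=tcp_open, flows=REQUIRED_FLOWS):
    """Probe each flow that originates from `role`; return the blocked ones.

    Firewall rules are directional, so run this on the source host itself.
    """
    return [(dst, hosts[dst], port, impact)
            for src, dst, port, impact in flows
            if src == role and not probe(hosts[dst], port)]


if __name__ == "__main__":
    role = sys.argv[1] if len(sys.argv) > 1 else "cms"
    blocked = check_from(role, HOSTS)
    for dst, host, port, impact in blocked:
        print(f"BLOCKED {role} -> {dst} ({host}:{port}): {impact}")
    sys.exit(1 if blocked else 0)
```

Run it once on each source host with that host's role as the argument. To cover the CMS-to-internal-server rule, append one tuple per internal server to `REQUIRED_FLOWS` with the port that server listens on.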