Thanks

Looking at this list and the firewall requests that have been raised, it
seems we're covered.

Interestingly, as noted, we have a zBC12 in the same room and there is no
problem accessing it, and the new HMCs for the z14 are in the same subnet,
so should be covered by the same firewall rules.

However nobody can tell if they've ever tried to access the SE on the zBC12
remotely because as another poster said, if your configuration is stable
then there is little need to do that.

That could certainly point to a firewall rule that's never been tested.

Again, back to my original point: why can't the support element
configuration be done locally while we try to figure out the network issues
for remote access?



On Thu, Mar 21, 2019, 3:10 AM Edgington, Jerry <
[email protected]> wrote:

> Dana,
>
> Here is my "cheat sheet" for HMC ports and direction.  However, I don't
> know if they have changed for z14 ZR1, but they work for z13s.
>
> ○ HMC inbound IP ports from internal network
>     Type  Source Port    Usage
>     ICMP  8              Establish communication with resources managed by HMC
>     TCP   58787 - 58788  Automatic discovery of zServers
>     UDP   58788          Automatic discovery of zServers
>     UDP   9900           HMC to HMC auto discovery
>     TCP   55555          SSL communication from servers
>     TCP   9920           SSL HMC and zServers
>     TCP   443            Remote user access to HMC
>     TCP   9950-9959      Proxy Single Object Operations to server
>     TCP   9960           Java applet-based tasks (not required since v2.12.1)
>     UDP   161            SNMP automation of the HMC
>     TCP   161            SNMP automation of the HMC
>     TCP   3161           SNMP automation of the HMC
>     TCP   6794           SSL automation traffic, including HMC Mobile app
>     TCP   61612          Web Services API message broker, flowing STOMP
>     TCP   61617          Web Services API message broker, flowing OpenWire
>     UDP   123            Set the time of the servers
>     UDP   520            Communications with routers from HMC
>     TCP   22             Remote access by Product Engineering
>     TCP   21             Inbound FTP requests
>     TCP   3900-3909      AMM for zBX
>
>
> ○ HMC outbound IP ports to network to internal network
>     Type  Source Port    Usage
>     ICMP  8              Establish communication with resources managed by HMC
>     UDP   9900           HMC to HMC auto discovery
>     TCP   58787 - 58788  Automatic discovery of zServers
>     UDP   58788          Automatic discovery of zServers
>     TCP   55555          SSL communication from servers
>     TCP   9920           SSL HMC and zServers
>     TCP   443            Single Object Operations to server console
>     TCP   9960           Java applet-based tasks (not required since v2.12.1)
>     TCP   25345          Single Object Operations to server console
>     TCP   X              LDAP port to authenticate Users
>     TCP   443            Call home requests RSF, and HMC mobile app
>     TCP   3900           AAM for zBX
>     TCP   21             Load system software or utility programs
>     TCP   22             SSH
>     UDP   123            Connect to NTP server
>     TCP   25             SMTP for email
>
> ○ SE inbound IP ports from internal network
>     Type  Source Port    Usage
>     ICMP  8              Establish communication with resources managed by HMC
>     TCP   58787          Automatic discovery of zServers
>     UDP   58787          Automatic discovery of zServers
>     TCP   55555          SSL communication from servers
>     TCP   9920           SSL HMC and zServers
>     TCP   443            Call home requests RSF, and HMC mobile app
>     TCP   9950-9959      Manage DataPower XI50z from HMC
>     TCP   9960           Java applet-based tasks (not required since v2.12.1)
>     UDP   161            SNMP automation of the HMC
>     TCP   161            SNMP automation of the HMC
>     TCP   3161           SNMP automation of the HMC
>     UDP   123            Set the time of the servers
>     UDP   520            Communications with routers from HMC
>     TCP   22             Remote access by Product Engineering
>     TCP   21             Inbound FTP requests
>     TCP   3900-3909      AMM for zBX
>
> ○ SE outbound IP ports to internal networks
>     Type  Source Port    Usage
>     ICMP  8              Establish communication with resources managed by HMC
>     UDP   9900           HMC to HMC auto discovery
>     TCP   58787          Automatic discovery of zServers
>     UDP   58787          Automatic discovery of zServers
>     TCP   55555          SSL communication from servers
>     TCP   9920           SSL HMC and zServers
>     TCP   443            Single Object Operations to server console
>     TCP   9960           Java applet-based tasks (not required since v2.12.1)
>     TCP   25345          Single Object Operations to server console
>     TCP   X              LDAP port to authenticate Users
>     TCP   443            Call home requests RSF, and HMC mobile app
>     TCP   3900           AAM for zBX
>     TCP   21             Load system software or utility programs
>     TCP   22             SSH
>     UDP   520            Communications with routers from HMC
>     UDP   123            Set the time of the servers
>
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:[email protected]] On
> Behalf Of Dana Mitchell
> Sent: Wednesday, March 20, 2019 10:06 AM
> To: [email protected]
> Subject: Re: Remote access to Z14 ZR1 Support Element via HMC question
>
> As far as firewall rules go,  we can access SOO remotely so I'm looking
> back at some of my old firewall requests, and it looks like for a new HMC I
> requested ports 443,9960 and 2300 to be opened.  But in the current doc,
> port 2300 is not referenced, so I don't recall what that was for.
>
> Your other question about accessing the SEs, I would say that wouldn't
> be necessary very much at all once the machine is set up, perhaps for CHP
> problem determination type of thing, but I can't think of normal day to day
> requirements.
>
> Dana
>
> On Wed, 20 Mar 2019 22:02:21 +1300, Laurence Chiu <[email protected]>
> wrote:
>
> >
> >Any thoughts from the group on this parallel approach. I have no idea
> >how often the SE needs to be accessed but this is a fairly static
> >environment so I would think not that often.
> >
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to [email protected] with the message: INFO IBM-MAIN
>

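An added example, not part of any message in this thread: a small Python check that compares a firewall request against cheat-sheet rows, reporting rows the request does not open and requested ports the sheet never mentions. The rows are a subset of the HMC inbound list quoted above; treating the three requested ports (443, 9960, 2300) as TCP is an assumption, and the function names are made up for this example.

```python
import re

# Subset of the HMC inbound rows from the cheat sheet quoted in this thread.
HMC_INBOUND = """\
TCP 58787 - 58788 Automatic discovery of zServers
UDP 58788 Automatic discovery of zServers
TCP 443 Remote user access to HMC
TCP 9950-9959 Proxy Single Object Operations to server
TCP 9960 Java applet-based tasks (not required since v2.12.1)
TCP 61612 Web Services API message broker, flowing STOMP
"""

# Ports named in the thread as requested for a new HMC (TCP is assumed here).
REQUESTED = ["TCP 443", "TCP 9960", "TCP 2300"]

ROW = re.compile(r"^(TCP|UDP)\s+(\d+)(?:\s*-\s*(\d+))?\s*(.*)$")

def parse(line):
    """Return (proto, low, high, usage); a single port has low == high."""
    m = ROW.match(line.strip())
    if not m:
        raise ValueError(f"unparseable row: {line!r}")
    low = int(m.group(2))
    high = int(m.group(3) or low)
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port range in row: {line!r}")
    return m.group(1), low, high, m.group(4)

def covered(proto, port, rules):
    """True if any rule of the same protocol includes this port."""
    return any(p == proto and lo <= port <= hi for p, lo, hi, _ in rules)

def gaps(sheet, requested):
    """Cheat-sheet rows with at least one port that no requested rule opens."""
    rules = [parse(r) for r in requested]
    result = []
    for proto, lo, hi, usage in map(parse, sheet.splitlines()):
        missing = [p for p in range(lo, hi + 1) if not covered(proto, p, rules)]
        if missing:
            result.append((proto, missing, usage))
    return result

def unreferenced(sheet, requested):
    """Requested rules whose ports appear in no cheat-sheet row."""
    rows = [parse(line) for line in sheet.splitlines()]
    out = []
    for rule in requested:
        proto, lo, hi, _ = parse(rule)
        if not any(covered(proto, p, rows) for p in range(lo, hi + 1)):
            out.append(rule)
    return out
```

A row reported by `gaps` is only a difference from the sheet; whether that port is needed depends on which HMC functions are in use.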