<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-13" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Configure a firewall</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<img src="delta.gif" alt="Start of change" /><img src="delta.gif" alt="Start of change" />
<a name="rzahqconffirewall"></a>
<h3 id="rzahqconffirewall">Configure a firewall</h3>
<p>If there is a firewall between the iSeries&trade; and the iSCSI network, then the firewall
must be configured to allow incoming iSCSI and virtual Ethernet traffic to
pass. The values that affect firewall configuration are listed below:</p>
<p><span class="bold">For storage paths and virtual Ethernet connections protected
by the firewall: </span></p>
<ul>
<li><span class="bold">Remote IP address:</span> Use the procedure described in <a href="rzahqdisiplayremotesysconfig.htm#rzahqdisiplayremotesysconfig">Display remote system configuration properties</a> to display the properties of the remote
system configuration for the server. Go to the <span class="bold">Network Interfaces</span> tab and note the <span class="bold">SCSI Internet Address</span> and <span class="bold">LAN Internet Address</span> values.</li>
<li><img src="delta.gif" alt="Start of change" /><span class="bold">Local IP address and TCP port:</span> Use the
procedure described in <a href="rzahqdisplaynwshprops.htm#rzahqdisplaynwshprops">Display network server host adapter properties</a> to display the
properties of the network server host adapter (NWSH). Go to the <span class="bold">Local Interfaces</span> tab to see information that is used by the NWSH. Record
the following values:
<ul>
<li>Local SCSI interface: Internet address</li>
<li>Local SCSI interface: TCP port</li>
<li>Local LAN interface: Internet address</li>
<li>Local LAN interface: Base virtual Ethernet port</li>
<li>Local LAN interface: Upper virtual Ethernet port
<a name="wq225"></a>
<div class="notetitle" id="wq225">Note:</div>
<div class="notebody"> Virtual
Ethernet traffic is encapsulated in UDP packets. Each virtual Ethernet adapter
is automatically assigned a UDP port from a range that begins at the specified
base virtual Ethernet port number and ends at the base virtual Ethernet port
number plus the number of configured virtual Ethernet adapters. Each virtual
Ethernet adapter also has a UDP port assigned at the Windows server.
UDP ports for virtual Ethernet are normally automatically allocated by Windows.
If you want to override automatic allocation, you can manually allocate
a UDP port by performing the following steps at the Windows console.</div>
<ol type="1">
<li>Navigate to the <span class="bold">Network Connections Window</span>.</li>
<li>Double-click the <span class="bold">IBM&reg; iSeries Virtual Ethernet x</span> adapter that
you want to configure.</li>
<li>Click <span class="bold">Properties</span>.</li>
<li>Click <span class="bold">Configure</span>.</li>
<li>Click <span class="bold">Advanced</span>.</li>
<li>Click <span class="bold">Initiator LAN UDP Port</span>.</li>
<li>Enter the UDP port that you want the virtual Ethernet adapter to use.</li></ol></li></ul><img src="deltaend.gif" alt="End of change" /></li>
<li><span class="bold">TCP ports associated with all Local IP addresses:</span>
<p>Using iSeries Navigator:</p>
<ol type="1">
<li>Expand <span class="bold">Integrated Server Administration</span>.</li>
<li>Select <span class="bold">Servers</span>.</li>
<li>Right-click the server from the list available and select <span class="bold">Properties</span>.</li>
<li>Go to the <span class="bold">System</span> tab and click the <span class="bold">Advanced</span> button.</li>
<li>Note the following values:
<ul>
<li><span class="bold">Shutdown TCP port</span></li>
<li><span class="bold">Virtual Ethernet control port</span></li></ul></li></ol></li></ul>
<p>If IPSec is used, there are additional considerations for firewalls between
an iSCSI HBA and the iSCSI network: </p>
<ul>
<li> <span class="bold">Allow IPSec:</span> This option is not available on all
firewalls.</li>
<li> Only IP addresses should be considered when configuring firewalls. TCP
and UDP ports are encrypted by IPSec, and therefore the firewall cannot act
on this information.</li></ul><img src="deltaend.gif" alt="End of change" /><img src="deltaend.gif" alt="End of change" />
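<p>Added example (not IBM code): the values recorded above turned into a firewall allow list, including the UDP range from the note and the address-only rules needed when IPSec is used. The function names, the rule text format, the sample values, and the pairing of each remote address with the local address of the same path are assumptions of this example.</p>
<pre>
```python
import ipaddress
from typing import NamedTuple, Optional
class Rule(NamedTuple):
    proto: str               # "tcp", "udp", or "ip" for an address-only match
    src: str                 # remote system (Windows server) address
    dst: str                 # local NWSH address
    ports: Optional[range]   # destination ports; None when ports cannot be matched

def port_range(lo, hi):
    if not (lo >= 1 and hi >= lo and 65535 >= hi):
        raise ValueError(f"invalid port range {lo}-{hi}")
    return range(lo, hi + 1)

def veth_ports(base, adapters, upper=None):
    """UDP range from the note: base port through base port + adapter count."""
    end = base + adapters
    if upper is not None and upper != end:
        raise ValueError(f"recorded upper port {upper} is not base + adapters ({end})")
    return port_range(base, end)

def build_rules(remote_scsi, remote_lan, local_scsi, local_lan, scsi_tcp, veth_base,
                veth_adapters, shutdown_tcp, control_tcp, veth_upper=None, ipsec=False):
    for addr in (remote_scsi, remote_lan, local_scsi, local_lan):
        ipaddress.ip_address(addr)   # ValueError on a mistyped address
    paths = [(remote_scsi, local_scsi), (remote_lan, local_lan)]  # assumed pairing
    if ipsec:
        # IPSec encrypts the TCP/UDP ports, so only address pairs can be matched.
        return [Rule("ip", s, d, None) for s, d in paths]
    rules = [Rule("tcp", remote_scsi, local_scsi, port_range(scsi_tcp, scsi_tcp)),
             Rule("udp", remote_lan, local_lan,
                  veth_ports(veth_base, veth_adapters, veth_upper))]
    for s, d in paths:               # these TCP ports apply to all local addresses
        for p in (shutdown_tcp, control_tcp):
            rules.append(Rule("tcp", s, d, port_range(p, p)))
    return rules

def fmt(rule):
    if rule.ports is None:
        return f"allow {rule.proto} {rule.src} -> {rule.dst}"
    lo, hi = rule.ports[0], rule.ports[-1]
    span = str(lo) if lo == hi else f"{lo}-{hi}"
    return f"allow {rule.proto} {rule.src} -> {rule.dst} port {span}"

# Constructed sample values (documentation addresses, made-up port numbers).
SAMPLE = dict(remote_scsi="192.0.2.20", remote_lan="192.0.2.21",
              local_scsi="192.0.2.10", local_lan="192.0.2.11", scsi_tcp=3260,
              veth_base=8801, veth_adapters=3, shutdown_tcp=8700, control_tcp=8800)
if __name__ == "__main__":
    print("\n".join(fmt(r) for r in build_rules(**SAMPLE)))
```
</pre>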
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>