Gateway Network Setup

IT-Conductor Gateway is a reverse proxy and requires specific port configurations and network access.

Figure 1: Gateway Network Setup

IT-Conductor Cloud

The gateway uses HTTPS (port 443) to communicate with IT-Conductor cloud services, which are hosted on the public network under the DNS name agents.itconductor.com.

Ensure that firewall rules and routing are properly configured. You can test access from the gateway SSH session by executing the following command:

curl -I https://agents.itconductor.com/status

If everything is working properly, the command produces the following output:

HTTP/2 200
date: <Day of the Week>, <Day> <Month> <Year> <Time>
content-security-policy: default-src 'self' http://docs.itconductor.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://docs.itconductor.com ; style-src 'self' http://docs.itconductor.com  data: 'unsafe-inline' *.google.com *.googleapis.com; connect-src 'self' blob: https://*.google.com; form-action 'self' http://docs.itconductor.com ; frame-ancestors 'self' http://docs.itconductor.com ; img-src 'self' *.itconductor.com *.gstatic.com http://translate.google.com  blob: data: 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com fonts.googleapis.com blob: https://*.google.com data: 'unsafe-inline'; report-uri /cspReportViolation;
x-xss-protection: 1
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-type: text/html
cache-control: no-store
content-length: 0

On-Premise Applications

In addition to connecting to IT-Conductor cloud services on the public network, the gateway needs to be able to access systems and applications on the private network. The routing to application-specific hosts may require configuration in the gateway host routing settings.

Depending on the application type, the firewall must allow the appropriate hosts, protocols, and ports for incoming connections from the IT-Conductor gateway to the respective application.

SAP NetWeaver (ABAP)

Name             Port Range   Rule
SAP Dispatcher   3200-3299    32<NN>
Gateway          3300-3399    33<NN>
Secured Gateway  4800-4899    48<NN>
Message Server   3600-3699    36<NN>

SAP J2EE

Name              Port Range    Rule
P4 (JMX)          50004-59904   5<NN>04
P4S (JMX Secure)  50006-59906   5<NN>06
HTTP              50000-59900   5<NN>00
HTTPS             50001-59901   5<NN>01

SAP HANA

Name                    Port Range    Rule
SQL (SystemDB)          30013-39913   3<NN>13
SQL (Tenant DB Single)  30015-39915   3<NN>15
SQL (Tenant DB Multi)   30041-39998   3<NN>41[+3]

Host Agent

Name         Port Range    Rule
HTTP         50013-59913   5<NN>13
HTTPS        50014-59914   5<NN>14
DB/OS HTTP   1128          -
DB/OS HTTPS  1129          -
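
The Rule column in the tables above can be expanded per instance, so that firewall rules cover only the ports actually in use instead of the whole range. The shell sketch below is an added example, not IT-Conductor code. It reads <NN> as the two-digit SAP instance number and [+3] as a step of three per tenant database; the service keywords and the host name are assumptions made for the example.

```shell
# Added example; the service keywords are names chosen for this sketch.

# sap_port SERVICE NN [TENANT_INDEX]: print the TCP port for one instance.
sap_port() {
    svc=$1; nn=$2; idx=${3:-0}
    case $nn in
        [0-9][0-9]) ;;   # instance numbers are exactly two digits, 00-99
        *) echo "instance number must be two digits: $nn" >&2; return 1 ;;
    esac
    case $svc in
        dispatcher)      echo "32$nn" ;;
        gateway)         echo "33$nn" ;;
        secure-gateway)  echo "48$nn" ;;
        message-server)  echo "36$nn" ;;
        p4)              echo "5${nn}04" ;;
        p4s)             echo "5${nn}06" ;;
        j2ee-http)       echo "5${nn}00" ;;
        j2ee-https)      echo "5${nn}01" ;;
        hana-systemdb)   echo "3${nn}13" ;;
        hana-tenant)     echo "3${nn}15" ;;
        hana-mdc)
            # 3<NN>41[+3], read as 41, 44, ... 98: tenant index 0-19.
            case $idx in
                [0-9]|1[0-9]) echo "3${nn}$((41 + 3 * $idx))" ;;
                *) echo "tenant index must be 0-19: $idx" >&2; return 1 ;;
            esac ;;
        hostagent-http)  echo "5${nn}13" ;;
        hostagent-https) echo "5${nn}14" ;;
        *) echo "unknown service: $svc" >&2; return 1 ;;
    esac
}

# plan HOST NN SERVICE...: one "host:port service" line per rule to open.
plan() {
    host=$1; inst=$2; shift 2
    for s in "$@"; do
        p=$(sap_port "$s" "$inst") || return 1
        echo "$host:$p $s"
    done
}

# Constructed host name; ABAP instance 00 plus its host agent over HTTPS.
plan sapapp01.example.internal 00 dispatcher gateway message-server hostagent-https
```

Each output line names one destination the firewall must allow from the gateway; anything in the table's range that is not listed can stay closed.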

Other Systems and Applications

For other systems and applications, see the port configurations below:

Name
Port

Cloud-based Applications and Platforms

  • HTTPS: 443

SAP BusinessObjects

  • Default: 6410 (SIA (Server Intelligence Agent) port)

  • Default: 6400 (Central Management Server (CMS) port)

  • For distributed clustered environments with multiple CMS, unique ports are assigned to each CMS and SIA node, normally 640<n> and 641<n>, respectively.

SAP BusinessObjects DataServices

  • Default: 6405 (REST API)

SAP Cloud Connector

  • Default: 8443 (REST API)

SAP DB

  • Default: 7210 (Unencrypted over TCP)

  • Default: 7260 (Unencrypted over SAP NI)

  • Default: 7270 (TLS over SAP NI)

SAP ASE

  • Default: 4901

  • JDBC client ports are configurable. Please consult your DBA.

InterSystems IRIS

  • Default: 1972 (JDBC)

  • JDBC client ports are configurable. Please consult your DBA.

Microsoft SQL Server

  • Default: 1433

  • JDBC client ports are configurable. Please consult your DBA.

Oracle (DBMS)

  • Default: 1521

  • JDBC client ports are configurable. Please consult your DBA.

Linux

  • SSH: 22

Windows

  • WinRM/HTTP: 5985

  • WinRM/HTTPS: 5986

CIFS (aka SMB, Windows File Server protocol)

  • TCP: 445

Veeam Backup Server

  • Default: 9419 (REST API)

Syslog Server

  • TCP and UDP (Incoming): 514
