Firewall considerations

Ensure that your software and firewalls are configured so that communication is not blocked.

Reaper

A Reaper node listens on port 7080 by default.

ZooKeeper

A ZooKeeper node listens on the following ports:
  • Follow port (2888 by default)
  • Election port (3888 by default)
  • Client port (2181 by default)
All ZooKeeper nodes must be able to connect to all ZooKeeper nodes in all data centers on the Follow and Election ports. All Sterling B2B Integrator servers in all data centers and all Global Mailbox Management nodes in all data centers must be able to connect to all ZooKeeper nodes in all data centers on the Client port.

Cassandra

A Cassandra node listens on the following ports:
  • Inter-node communication port (7000 by default)
  • Inter-node communication SSL port (7001 by default)
  • Client port (9042 by default)
  • RPC port (9160 by default)
  • JMX port (7199 by default)
All Cassandra nodes must be able to connect to all Cassandra nodes in all data centers on the Inter-node communication, Inter-node communication SSL, and JMX ports. All Sterling B2B Integrator nodes in all data centers and all Global Mailbox Management nodes in all data centers must be able to connect to all Cassandra nodes in all data centers on the Client port and the JMX port.

Connections on the Inter-node communication and Inter-node communication SSL ports are long-lived and must not be dropped. Ensure that any firewall rules allow these connections to remain open as long as possible. See "Firewall idle connection timeout causing nodes to lose communication during low traffic times" for details on TCP tuning.

Global Mailbox Management

A Global Mailbox Management node listens on the following ports:
  • Secure Server port (33001 by default)
  • FASP UDP port (33001, not configurable)
  • HTTP port = Sterling B2B Integrator base port + 75 by default
  • HTTPS port = Sterling B2B Integrator base port + 76 by default
All Global Mailbox Management nodes in all data centers must be able to communicate with the Global Mailbox Management nodes in the other data centers on the Secure Server port and the FASP UDP port. Nodes within a data center do not communicate with each other on this port. Users who access the Sterling B2B Integrator dashboard must also be able to access the Global Mailbox Management Tool on the HTTP port and HTTPS port. Ensure that you provide the same firewall rules for these ports.

WebSphere MQ

MQ listeners listen on specific ports (1414 by default). All Sterling B2B Integrator nodes and all Global Mailbox Management nodes must be able to communicate with all WebSphere® MQ listeners in all data centers. All WebSphere MQ listeners in one data center must be able to communicate with all WebSphere MQ listeners in the other data center. See "Troubleshooting MQ channels" for details.

To minimize firewall issues, configure the TCP stanza of the mq.ini for your queue manager to contain this entry:
KeepAlive=YES
You must also set the TCP_KEEPALIVE_INTERVAL setting in the TCP profile on the WebSphere MQ machine to a value less than the firewall timeout value. For more information, see "Resolving JMSException due to com.ibm.mq.MQException: MQJE001: Completion Code 2, Reason 2009".

Sterling B2B Integrator

The Sterling B2B Integrator Global Mailbox REST Services adapter listens on a port that is configured automatically by Sterling B2B Integrator (8154 by default). All Global Mailbox Management nodes within the same data center must be able to access this port.
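
To verify these rules from a given node, the following Python example (added here, not part of the product or its documentation) derives the TCP targets that node must reach, using the default ports listed above, and reports the ones a firewall is blocking. Hostnames, data-center names and the role labels (`sbi`, `gmm`, `mq`) are constructed placeholders. Reaper, the HTTP/HTTPS ports (which depend on the base port) and the FASP UDP port are not covered.

```python
import socket

# (source roles, target role, data-center scope, {label: default TCP port}) per this page.
RULES = [
    (("zookeeper",), "zookeeper", "all", {"follow": 2888, "election": 3888}),
    (("cassandra",), "cassandra", "all", {"inter-node": 7000, "inter-node-ssl": 7001, "jmx": 7199}),
    (("sbi", "gmm"), "zookeeper", "all", {"client": 2181}),
    (("sbi", "gmm"), "cassandra", "all", {"client": 9042, "jmx": 7199}),
    (("gmm",), "gmm", "other_dc", {"secure-server": 33001}),  # FASP UDP 33001 needs a UDP test
    (("sbi", "gmm"), "mq", "all", {"listener": 1414}),
    (("mq",), "mq", "other_dc", {"listener": 1414}),
    (("gmm",), "sbi", "same_dc", {"rest-adapter": 8154}),
]

# Constructed inventory: hostnames and data-center names are placeholders.
INVENTORY = [
    {"host": "gmm1.dc1.example", "role": "gmm", "dc": "dc1"},
    {"host": "gmm2.dc1.example", "role": "gmm", "dc": "dc1"},
    {"host": "gmm1.dc2.example", "role": "gmm", "dc": "dc2"},
    {"host": "sbi1.dc1.example", "role": "sbi", "dc": "dc1"},
    {"host": "sbi1.dc2.example", "role": "sbi", "dc": "dc2"},
    {"host": "zk1.dc2.example", "role": "zookeeper", "dc": "dc2"},
]

def required_checks(source, inventory):
    """Return sorted (host, port, label) targets the source node must reach."""
    checks = set()
    for src_roles, dst_role, scope, ports in RULES:
        if source["role"] not in src_roles:
            continue
        for node in inventory:
            same_dc = node["dc"] == source["dc"]
            wanted = scope == "all" or (scope == "same_dc") == same_dc
            if node["role"] == dst_role and node["host"] != source["host"] and wanted:
                checks.update((node["host"], p, f"{dst_role}/{l}") for l, p in ports.items())
    return sorted(checks)

def probe(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def blocked(source, inventory, probe_fn=probe):
    """Required targets that could not be reached from the machine running this."""
    return [c for c in required_checks(source, inventory) if not probe_fn(c[0], c[1])]
```

Run `blocked()` on each node with that node's own inventory entry as `source`; an empty list means every required TCP path from that node is open.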