Preparing site firewalls and proxies for the CMM call-home feature

If you have firewalls in your network, you must configure them and your proxy server to allow the CMM call-home feature to operate.

The CMM must be able to access remote systems over the Internet to deliver call-home information. To enable this access, you must configure the firewalls and proxies in your network to allow access by the CMM.

Complete the following steps to configure the firewalls and proxies in your network:

  1. Identify the CMM ports that you will use for your systems-management configuration (see Table 1) and make sure that these ports are open.
    • In the CMM web interface, select the Port Assignments tab from the Mgt Module Management > Network page. Ensure that the ports you plan to use for your systems-management configuration are open. All fields and options are fully described in the CMM web interface online help.
    • In the CMM CLI, use the ports command (see ports command for information about command use).
  2. Make sure that a connection exists to the Internet address in Table 1 that is required by the CMM call-home feature.
    Note:
    • If possible, always use DNS names instead of IP addresses, because IP addresses might change occasionally.
    • If your CMM is configured for secured operation, the FTP port (port 21) is disabled.
    • If your CMM is already configured, reconfigure your firewalls and networks first so that the corresponding IP addresses can be reached.
    Table 1. Required connections for the CMM call-home feature

    | DNS name | IP address | Port(s) | Protocol(s) |
    |---|---|---|---|
    | www-945.ibm.com (IEPD problem reporting gateway) | IPv4: 129.42.26.224, 129.42.34.224, 129.42.42.224, 129.42.50.224; IPv6: 2620:0:6C0:1::1000, 2620:0:6C1:1::1000, 2620:0:6C2:1::1000, 2620:0:6C4:1::1000 | 443 (HTTPS), 80 (default listener port), 21 (FTP), 22 (SFTP) | https, ftps |
    | esupport.ibm.com, eccgw01.rochester.ibm.com, eccgw02.boulder.ibm.com (Edge gateway for all transactions) | IPv4: 129.42.56.189, 129.42.58.189, 129.42.60.189, 129.42.54.189; IPv6: 2620:0:6c0:200:129:42:56:189, 2620:0:6c1:200:129:42:58:189, 2620:0:6c2:200:129:42:60:189, 2620:0:6c4:200:129:42:54:189 | 443 (HTTPS), 80 (default listener port), 21 (FTP), 22 (SFTP) | https, ftps |

    The following connections might not be required in all cases:

    | DNS name | IP address | Port(s) | Protocol(s) |
    |---|---|---|---|
    | www6.software.ibm.com | 170.225.15.41 | 443 | https |
    | www.ibm.com | 129.42.56.216, 129.42.58.216, 129.42.60.216, 129.42.160.51, 207.25.252.197 | 443, 80 (optional) | https, http |
    | www-03.ibm.com | 204.146.30.17 | 443, 80 (optional) | https, http |
    | download3.boulder.ibm.com | 170.225.15.76 | 443, 80 (optional) | https, http |
    | download3.mul.ie.ibm.com | 129.35.224.114 | 443, 80 (optional) | https, http |
    | download4.boulder.ibm.com | 170.225.15.107 | 443, 80 (optional) | https, http |
    | download4.mul.ie.ibm.com | 129.35.224.107 | 443, 80 (optional) | |
    | delivery04-bld.dhe.ibm.com | 129.35.224.104, 170.225.15.104 | 443, 80 (optional) | https, http |
    | delivery04.dhe.ibm.com | 129.35.224.105, 170.225.15.105 | 443, 80 (optional) | https, http |
    | eccgw01.boulder.ibm.com | 207.25.252.197 | 443 | http |
    | eccgw02.rochester.ibm.com | 129.42.160.51 | 443 | http |
  3. If the CMM does not have direct Internet access with your network configuration, make sure that the selected proxy server is configured to use basic authentication.
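
The note in step 2 says the IP addresses in Table 1 can change, so a site whose firewall rules are keyed on IP addresses needs a way to notice when those rules go stale. The following is an added example, not part of the original documentation or any IBM tooling: it resolves the required DNS names from Table 1 and reports every address that DNS returns but the table does not list. The names `TABLE1`, `system_resolver` and `find_drift` are assumptions for illustration, and the check assumes it runs on a host that uses the same DNS servers as the CMM.

```python
import ipaddress
import socket

# Required rows of Table 1: (DNS names in the row, addresses documented for that row).
TABLE1 = [
    (("www-945.ibm.com",),
     ("129.42.26.224", "129.42.34.224", "129.42.42.224", "129.42.50.224",
      "2620:0:6C0:1::1000", "2620:0:6C1:1::1000",
      "2620:0:6C2:1::1000", "2620:0:6C4:1::1000")),
    (("esupport.ibm.com", "eccgw01.rochester.ibm.com", "eccgw02.boulder.ibm.com"),
     ("129.42.56.189", "129.42.58.189", "129.42.60.189", "129.42.54.189",
      "2620:0:6c0:200:129:42:56:189", "2620:0:6c1:200:129:42:58:189",
      "2620:0:6c2:200:129:42:60:189", "2620:0:6c4:200:129:42:54:189")),
]


def system_resolver(name, port):
    """Resolve a name with the host's DNS configuration; returns address strings."""
    infos = socket.getaddrinfo(name, port, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def find_drift(table, port=443, resolver=system_resolver):
    """Return {name: addresses DNS returns that the table row does not list}.

    A name that fails to resolve is reported too, because a firewall rule
    written against that DNS name cannot match anything.
    """
    drift = {}
    for names, documented in table:
        # ip_address() normalizes IPv6 text, so upper/lower case and
        # zero-compression differences do not count as drift.
        allowed = {ipaddress.ip_address(a) for a in documented}
        for name in names:
            try:
                current = {ipaddress.ip_address(a) for a in resolver(name, port)}
            except OSError as exc:  # socket.gaierror is a subclass of OSError
                drift[name] = [f"resolution failed: {exc}"]
                continue
            extra = sorted(str(a) for a in current - allowed)
            if extra:
                drift[name] = extra
    return drift


if __name__ == "__main__":
    for name, findings in find_drift(TABLE1).items():
        print(f"{name}: not covered by an IP-based rule from Table 1 -> {findings}")
```

An empty result means every address currently returned for the required names is already in Table 1; any reported address needs a firewall rule update before call-home traffic to it will pass.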

Make sure that the following items in the CMM are configured to support call-home communication using your network: