Technical Bulletin Number 50

To: All Sites Using Shipping Servers Through Firewalls
From: Customer Support
Date: 10/11/2002
Subject: Configuring Firewall to Limit Access


If you use Rational ClearCase MultiSite and you have installed the Shipping Server on an “exposed host” (a host that has been configured to communicate through the firewall), you must configure the firewall to ensure that only known IP addresses can access the firewall to send packets to the exposed host. For maximum security, you should limit the number of IP addresses as much as possible.

If you do not configure your firewall to limit access, there is a potential security issue because any computer with access to the firewall may be able to enter your network and manipulate VOB databases and other (non-ClearCase) data and services.

Note that when you use the Shipping Server on an exposed host, you must specify the ports to which programs can connect. You can use the CLEARCASE_MIN_PORT and CLEARCASE_MAX_PORT environment variables to specify port ranges that the Shipping Server can use, and you must allow access to TCP port 371 (albd_server port) on the exposed host.

For example, the following figure shows a common shipping server and firewall setup. In this example, the administrator configures FirewallA to allow access to ExposedHostA only from ExposedHostB, and configures FirewallB to allow access to ExposedHostB only from ExposedHostA.
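The FirewallA half of this setup can be sketched as a rule generator. This is an added example, not part of the original bulletin or of Rational's documentation. It assumes a Linux iptables firewall that forwards traffic to the exposed host; the function name, the addresses (192.0.2.10 for ExposedHostA, 198.51.100.20 for ExposedHostB) and the port range 49152-49251 are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables FORWARD rules for the firewall
# in front of an exposed host. Addresses and port range below are constructed.

ALBD_PORT=371   # albd_server port named in the bulletin

# emit_shipping_rules EXPOSED_HOST MIN_PORT MAX_PORT PEER [PEER...]
# MIN_PORT/MAX_PORT must equal CLEARCASE_MIN_PORT/CLEARCASE_MAX_PORT on the host.
emit_shipping_rules() {
    if [ "$#" -lt 4 ]; then
        echo "usage: emit_shipping_rules HOST MIN_PORT MAX_PORT PEER..." >&2
        return 2
    fi
    host=$1; min=$2; max=$3
    shift 3

    # Ports must be plain integers forming a non-inverted range.
    for p in "$min" "$max"; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: '$p'" >&2; return 2 ;;
        esac
    done
    if [ "$min" -lt 1 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "bad port range: $min-$max" >&2
        return 2
    fi

    # Validate every peer before printing anything: a wildcard source would
    # defeat the allowlist.
    for peer in "$@"; do
        case "$peer" in
            ''|any|0.0.0.0*|*/0) echo "refusing wildcard peer: '$peer'" >&2; return 2 ;;
        esac
    done

    # Replies to connections the exposed host itself opened to a peer.
    printf 'iptables -A FORWARD -d %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' "$host"
    for peer in "$@"; do
        printf 'iptables -A FORWARD -p tcp -s %s -d %s --dport %s -j ACCEPT\n' "$peer" "$host" "$ALBD_PORT"
        printf 'iptables -A FORWARD -p tcp -s %s -d %s --dport %s:%s -j ACCEPT\n' "$peer" "$host" "$min" "$max"
    done
    # Anything else addressed to the exposed host is logged, then dropped.
    printf 'iptables -A FORWARD -d %s -j LOG --log-prefix "shipping-deny: "\n' "$host"
    printf 'iptables -A FORWARD -d %s -j DROP\n' "$host"
}

# FirewallA's view: ExposedHostA = 192.0.2.10, ExposedHostB = 198.51.100.20.
emit_shipping_rules 192.0.2.10 49152 49251 198.51.100.20
```

FirewallB uses the same rules with the two addresses swapped. The LOG line gives you a record of any host outside the allowlist that tries to reach the exposed host.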

For information about firewall configuration, see the documentation for your firewall. For information about using the Shipping Server through a firewall, see the Administrator’s Guide for Rational ClearCase MultiSite.

Any Questions?

If you have any questions regarding the situations discussed in this Technical Bulletin, please contact Rational Customer Support via telephone, fax, or electronic mail as described below. For information regarding support hours, languages spoken, or other support information, click the Technical Support link on the Rational Web site at www.rational.com.

North America
    Telephone: 800-433-5444 toll free or 408-863-4000 Cupertino, CA
    Facsimile: 408-863-4194 Cupertino, CA; 781-676-2460 Lexington, MA
    Electronic Mail: support@rational.com

Europe, Middle East, and Africa
    Telephone: +31-(0)20-4546-200 Netherlands
    Facsimile: +31-(0)20-4546-201 Netherlands
    Electronic Mail: support@europe.rational.com

Asia Pacific
    Telephone: 61-2-9419-0111 Australia
    Facsimile: 61-2-9419-0123 Australia
    Electronic Mail: support@apac.rational.com
