February 13, 2014

Windows Server firewall rules for Maximo/SCCD installation

Windows 2008 Server default firewall rules are very restrictive.
When installing Maximo or SmartCloud Control Desk on a remote WebSphere installed on a Windows 2008/20012 Server system you may hit some connectivity errors between the Maximo Administrative Workstation and the application server.

I have found out you have to open the following ports/protocols:
  1. Ping: this is used by the Deplyment Engine to check hostnames and availability or remote systems
  2. WebSphere SOAP (8879): Used to administer WAS remotely.
  3. HTTP/HTTPS (80/443): The HTTP Server
  4. WebSphere Administrative Console (9043): Needed to deploy MAXIMO.ear file

These are the commands that I have used to set the firewall rules.

netsh firewall set icmpsetting 8
netsh advfirewall firewall add rule name="WebSphere SOAP" dir=in action=allow protocol=TCP localport=8879
netsh advfirewall firewall add rule name="HTTP " dir=in action=allow protocol=TCP localport=80
netsh advfirewall firewall add rule name="HTTPS" dir=in action=allow protocol=TCP localport=443
netsh advfirewall firewall add rule name="WAS Administrative Console (secure)" dir=in action=allow protocol=TCP localport=9043

These commands must be ran from a command line with administration privileges. To do this right click on the Command Prompt shortcut and select Run as Administrator.

Depending on your environment you may need to open additional ports. Here is the complete list of WebSphere ports.

On the database server you need to open the ping and JDBC ports.
  • DB2: 50000
  • Oracle: 1521
  • SQL Server: 1433