Skip to main content

Preparing site firewalls and proxies for the CMM call-home feature

You must configure your firewalls and proxy server to enable operation of the CMM call-home feature, if you have firewalls in your network.

The CMM must be able to access remote systems over the Internet to deliver call-home information. To enable this access, you must configure the firewalls and proxies in your network to allow access by the CMM.

Complete the following steps to configure the firewalls and proxies in your network:

  1. Identify the CMM ports that you will use for your systems-management configuration (see Table 1) and make sure that these ports are open.
    • In the CMM web interface, select the Port Assignments tab from the Mgt Module Management > Network page. Ensure that the ports you plan to use for your systems-management configuration are open. All fields and options are fully described in the CMM web interface online help.
    • In the CMM CLI, use the ports command (see ports command for information about command use).
  2. Make sure that a connection exists to the Internet address in Table 1 that is required by the CMM call-home feature.
    Note
    • If possible, always use DNS name instead of IP addresses, because IP addresses could be changed ocassionally.
    • If your CMM is configured for secured operation, FTP port (port 21) will be disabled.
    • If your CMM is already configured, re-configure firewalls and networks first in order to access corresponding IPs.
    Table 1. Required connections for the CMM call-home feature
    DNS nameIP addressPort(s)Protocol(s)

    www-945.ibm.com

    (IEPD problem reporting gateway)

    		IPv4:
    • 129.42.26.224
    • 129.42.34.224
    • 129.42.42.224
    • 129.42.50.224
    IPv6:
    • 2620:0:6C0:1::1000
    • 2620:0:6C1:1::1000
    • 2620:0:6C2:1::1000
    • 2620:0:6C4:1::1000
    		443 (HTTPS)

    80 (default listener port)

    21 (FTP)

    22 (SFTP)

    		https, ftps

    esupport.ibm.com

    eccgw01.rochester.ibm.com

    eccgw02.boulder.ibm.com

    (Edge gateway for all transactions)

    		IPv4:
    • 129.42.56.189
    • 129.42.58.189
    • 129.42.60.189
    • 129.42.54.189
    IPv6:
    • 2620:0:6c0:200:129:42:56:189
    • 2620:0:6c1:200:129:42:58:189
    • 2620:0:6c2:200:129:42:60:189
    • 2620:0:6c4:200:129:42:54:189
    		443 (HTTPS)

    80 (default listener port)

    21 (FTP)

    22 (SFTP)

    		https, ftps
    The following connections might not be required in all cases:
    www6.software.ibm.com170.225.15.41443https
    www.ibm.com

    • 129.42.56.216

    • 129.42.58.216

    • 129.42.60.216

    • 129.42.160.51

    • 207.25.252.197

    		443

    80 (optional)

    		https, http
    www-03.ibm.com204.146.30.17443

    80 (optional)

    		https, http
    download3.boulder.ibm.com

    170.225.15.76

    		443

    80 (optional)

    		https, http
    download3.mul.ie.ibm.com129.35.224.114443

    80 (optional)

    		https, http
    download4.boulder.ibm.com170.225.15.107443

    80 (optional)

    		https, http
    download4.mul.ie.ibm.com129.35.224.107443

    80 (optional)

    		 
    delivery04-bld.dhe.ibm.com

    • 129.35.224.104

    • 170.225.15.104

    		443

    80 (optional)

    		https, http
    delivery04.dhe.ibm.com

    • 129.35.224.105

    • 170.225.15.105

    		443

    80 (optional)

    		https, http
    eccgw01.boulder.ibm.com207.25.252.197443http
    eccgw02.rochester.ibm.com129.42.160.51443http
  3. If the CMM does not have direct Internet access with your network configuration, make sure that the selected proxy server is configured to use basic authentication.

Make sure that the following items in the CMM are configured to support call-home communication using your network:

  • Enable DNS in the CMM and configure it to match the DNS settings for your network.
    • In the CMM web interface, select the DNS tab from the Mgt Module Management > Network page, and check the Enable DNS checkbox. Ensure that the DNS settings match the DNS settings for your network. All fields and options are fully described in the CMM web interface online help.
    • In the CMM CLI, use the dns command (see dns command for information about command use).
  • If required for your network, enable the CMM service advisor HTTP proxy and configure it to match the proxy settings for your network.
    • In the CMM web interface, select the Support tab from the Service and Support > Settings page. In the Outbound Connectivity section, check the Use proxy checkbox, then click Apply. All fields and options are fully described in the CMM web interface online help.
    • In the CMM CLI, use the chconfig command (see chconfig command for information about command use).
  • Configure CMM service advisor contact information.
    • In the CMM web interface, select the Support tab from the Service and Support > Settings page. Enter the service advisor contact information in the Contact Information section, then click Apply. All fields and options are fully described in the CMM web interface online help.
    • In the CMM CLI, use the chconfig command (see chconfig command for information about command use).
  • Accept all CMM service advisor terms and conditions and enable the CMM service advisor.
    • In the CMM web interface, select the Support tab from the Service and Support > Settings page. Check the Enable Support checkbox, then click Apply. All fields and options are fully described in the CMM web interface online help.
    • In the CMM CLI, use the chconfig command (see chconfig command for information about command use).