FWM 01009 (null): firewall problem?

Former Member
0 Kudos

Hi Guys,

I have a problem with a DMZ installation and the firewall settings.

Here's the situation.

On our internal network we have installed the server components of BOXI Edge 3.1, which seem to be running fine.

We have a separate Webserver with Tomcat 5.5 installed on it in the DMZ zone. Via Wdeploy I have deployed the war files on it (according to the wdeploy deploy document).

Whenever I want to log on to the CMC on my webserver machine, my login screen is appearing fine, but after I hit logon, I receive the error message FWM 010009 (null), a communication failure has occurred. According to our firewall team, all ports are open in both directions. They have executed a trace and see that the BOXI Edge server is sending back packages, but that in that package should be an end communication order.

I still have (an older) VM with Edge 3.1 behind the firewalls (thus internally), from which I can access my newly installed machine in a glance...

As an extra test we have installed a complete Edge version on the Webserver as well. Communication on the webserver is OK, but as soon as we try to connect to the server behind the firewall, it goes wrong and the error appears.

So here comes my question, is there anyone who can give me a clue where it goes wrong?

Is it correct to say that it is a firewall problem?

If all ports are open on the firewall, communication shouldn't be a problem, should it?

Any help is appreciated.

Regards,

Jorn

Accepted Solutions (1)

Former Member
0 Kudos

Hi,

We have appointed a static port 4982 to the request port.

According to our firewall guys, no communication is coming from the request port. Even before the request port can answer, the port 6400 is sending a FIN package (termination package) to the application, resulting in the error message.

They say that all ports are open and that it's not a firewall problem... However when I communicate within my LAN environment this is not a problem...

Can someone please help me out?

Regards,

Jorn

Edited by: Jornvdd on Sep 29, 2010 12:08 PM

gowdatimma_ramu
Contributor
0 Kudos

Hi,

Is the BOE Server running on the dual NIC system, and are you using the IP to log in?

Regards,

Ramu.

Former Member
0 Kudos

Ramu,

We are indeed using a double NIC system. The second network card is disabled.

The problems are appearing both when we try to log on via the IP address and via the server name.

On the DMZ server we have added the IP address and hostname in the host file.

Jorn

gowdatimma_ramu
Contributor
0 Kudos

Hi,

Could you please assign the IP address of the enabled NIC to the CMS server in the "Host Identifier" section of the Server properties and check?

Regards,

Ramu.

Former Member
0 Kudos

Hi Ramu,

That did the trick...

Should all servers have the IP address fixed?

Jorn

gowdatimma_ramu
Contributor
0 Kudos

In your case, yes it has to be.

Regards,

Ramu.

robhellemons
Explorer
0 Kudos

Hi Ramu,

We had the same issue and therefore I assigned the IP address of the NIC like you suggested. Now my entire BO environment doesn't start anymore. When I start the SIA, service port 6400 isn't coming up anymore.

I'm trying to correct this in the BOE bootstrap file. Until now without success.

Any suggestions?


Regards,

Rob

Answers (2)

Former Member
0 Kudos

Hi Seb,

Thanks for your answer. We can get through via a telnet session on port 6400, so the port on the firewall should be open (that is exactly what the firewall guys have told us...). However, we still cannot get any communication between the LAN and DMZ.

Meanwhile we have made some tests: communication within the DMZ is working fine, communication within the LAN is working fine. A communication from DMZ towards LAN gives us the error FWM 01009, and a logon from LAN towards the BO test system in DMZ is giving us the same error... The only thing I see in between is the firewall, or am I wrong?

Jorn

gowdatimma_ramu
Contributor
0 Kudos

Hi,

For the CMS there are two ports: one is the Name Server port and the other is the Request Port. By default the Name Server port is assigned the port 6400, and the request will reach the CMS when the Name Server is enabled on the firewall, but the Web application cannot communicate as the Request port is unaware and the firewall port is not open for communication.

For this you can assign a static port for the CMS Request in CMS properties via CMC and enable the firewall for this port.

Regards,

Ramu.

0 Kudos

Hi,

Please validate if port 6400 is open on the firewall.

What I always do in that case is activate the telnet service on the server behind the firewall. After that you open a CMD on your Webserver and type "telnet SERVERNAME_WITH_CMS 6400".

Check if you can connect. If you can, the firewall is fine. If you can't, the port 6400 isn't open.

Also please do the same with port 6410.

Regards

-Seb.
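
The telnet test above and the Name Server / Request Port explanation in the previous answer can be combined into one check run from the web server in the DMZ. This is an added example, not code from any poster or from SAP; the function names are hypothetical, and the port numbers are the ones quoted in the thread (6400, the static request port 4982, and 6410).

```python
import socket
import sys

# Ports named in the thread: 6400 (CMS Name Server port), 4982 (the static
# Request Port the poster assigned) and 6410 (also suggested for the test).
THREAD_PORTS = {"name_server": 6400, "request_port": 4982, "port_6410": 6410}


def tcp_open(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes (what telnet shows)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unresolvable name
        return False


def probe(host, ports=None, timeout=3.0):
    """Check every named port and return {name: reachable}."""
    ports = THREAD_PORTS if ports is None else ports
    return {name: tcp_open(host, port, timeout) for name, port in ports.items()}


def diagnose(results):
    """Map the probe result onto the cases discussed in the thread."""
    if not results.get("name_server", False):
        return "name_server unreachable: check the firewall rule for the Name Server port"
    blocked = sorted(name for name, ok in results.items() if not ok)
    if blocked:
        return ("name_server reachable but blocked: " + ", ".join(blocked)
                + " (a telnet test of 6400 alone would have looked fine)")
    return ("all probed ports reachable: if logon still fails, review the CMS "
            "Host Identifier setting as in the accepted solution")


if __name__ == "__main__":
    # SERVERNAME_WITH_CMS is the placeholder used in the thread.
    host = sys.argv[1] if len(sys.argv) > 1 else "SERVERNAME_WITH_CMS"
    results = probe(host)
    for name, ok in results.items():
        print(f"{name:13} {THREAD_PORTS[name]:5} {'open' if ok else 'CLOSED'}")
    print(diagnose(results))
```

A successful handshake only shows that the firewall passes the port; it does not show which address the CMS hands back to the client, which is what the Host Identifier change in the accepted solution addressed.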