Firewalls, VPNs, and multihomed machines

Special considerations apply when you install Rational® Integration Tester on systems with firewalls, virtual private networks (VPNs), or connections to more than one network.

Firewalls, VPNs, or multiple network connections can create situations where an application cannot locate a particular address or cannot follow a particular route. In these cases, you must provide an address that the application can use.

In the following illustration, Rational® Integration Tester runs on Machine C, which is connected to Network A. Machine C also has a VPN connection to Network B, where a proxy server is running.

[Illustration: Machine C is connected to both Network A and Network B.]

When you start a TCP server on Machine C, it binds to one or more addresses on the networks visible to it, such as 192.168.0.8 and 203.0.113.5, and uses an ephemeral port number, such as 50136, selected at random from the available ports. A problem arises when you want an application on Machine B, such as the proxy server in this example, to connect to the server you just started. The application cannot see Network A and is therefore unable to route messages to 192.168.0.8. Similarly, Machine C might have firewall restrictions that allow only a known set of ports to be opened for connection.

The solution is to provide Rational® Integration Tester with a fixed address and fixed port number on which to start the server. For example, you might specify a bind address of 203.0.113.7 and a port number of 7120, and then configure the firewall to open port 7120 for connection. This enables the proxy server to route messages to 203.0.113.7:7120.
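The difference between the default bind and a fixed bind can be seen with plain sockets. The following Python sketch is an added example, not product code (Rational® Integration Tester takes these values from Library Manager); the function names are hypothetical, and the loopback address stands in for 203.0.113.7 so that the script runs on any machine.

```python
import socket

def start_listener(bind_addr="", port=0):
    """Open a TCP listener; the defaults are the wildcard address and an ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, port))
    srv.listen(5)
    return srv

def matches_rule(srv, rule_addr, rule_port):
    """True only if the listener sits on exactly the address and port the firewall rule opens."""
    addr, port = srv.getsockname()
    return addr == rule_addr and port == rule_port

def reachable(addr, port, timeout=1.0):
    """Attempt a TCP connect, as the proxy server on the other network would."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Assumption: loopback stands in for the routable bind address 203.0.113.7.
    FIXED_ADDR, FIXED_PORT = "127.0.0.1", 7120

    # Problem case: every interface, and a port the firewall rule cannot name in advance.
    default = start_listener()
    print("default bind:", default.getsockname(),
          "matches rule:", matches_rule(default, FIXED_ADDR, FIXED_PORT))
    default.close()

    # Fixed case: one address and one port, so a single firewall rule covers it.
    fixed = start_listener(FIXED_ADDR, FIXED_PORT)
    print("fixed bind:  ", fixed.getsockname(),
          "matches rule:", matches_rule(fixed, FIXED_ADDR, FIXED_PORT),
          "reachable:", reachable(FIXED_ADDR, FIXED_PORT))
    fixed.close()
```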

Bind addresses and port numbers are maintained in Library Manager. For more information, see Working with Library Manager.