As the title suggests, my query is regarding running MQ Clusters across firewalls. Is anyone out there locking down individual ports? Or do people relax the rules and allow x.x.x.x:* to go across? I'm saying this as, although it's straightforward to assign a port number to a Queue manager listener, the sender port is chosen almost at random (there are some rules, but not nearly tight enough). I know you can use the MQTCPSDRPORT environment variable to set a range, but this is used for ALL sending connections, including conversations initiated with other machines inside the firewall. Therefore you can't dictate which are to be used for internal connections and which are external.
By external I mean a 3 tier firewall comprised of Web Zone / App Zone / Corp net. MQ Servers would be present in App Zone and Corp net.
I know MQIPT is available but the documentation is sketchy. Has anyone tried and got the HTTP tunnelling working? This may be the way we can allow our MQ traffic to talk over port 80? Also, in the current version MQIPT does not acknowledge the existence of MQTCPSDRPORT, nor, according to the documentation, does it support cluster channels.
I am aware that a new version is due shortly - but this has a pre-req of Java 1.4 which is still in beta itself!
Just wondering how people manage to lock down their MQ environments whilst still maintaining the flexibility that clustering offers?