3.2 Configuring the Administration Console Firewall

Before you can install other Access Manager components and import them into the Administration Console, or before you can log in to the Administration Console from a client machine, you must first configure the firewall on the Administration Console.

3.2.1 Linux Administration Console

  1. Click Computer > YaST > Security and Users > Firewall.

    This launches the Firewall Configuration screen.

  2. Click Allowed Services > Advanced.

  3. In the TCP Ports field, specify the ports to open.

    (Conditional) If you are installing the Administration Console, Identity Server or SSL VPN on different machines, list the following additional ports in the TCP Ports field:

    • 8080

    • 8443

    • 3080

    • 3443

    (Conditional) If you are installing the Administration Console, Identity Server or SSL VPN on the same machine, list the following additional ports in the TCP Ports field:

    • 2080

    • 2443

  4. (Conditional) If you are importing an Access Gateway into the Administration Console, list the following additional ports in the TCP Ports field:

    • 1443

    • 8444

    • 1289

    • 524

    • 636

    If you are importing an Access Gateway Appliance, enter icmp in the IP Protocols field.

    For specific information about the ports listed in Step 3 and Step 4, see Setting Up Firewalls in the NetIQ Access Manager 3.2 SP3 Setup Guide.

    NOTE: In Access Manager version 3.2 and later, the Administration Console is accessible on ports 2080 (HTTP) and 2443 (HTTPS) when Identity Server or SSL VPN is installed on the same machine.

  5. Click OK.

  6. Click Next > Accept.

  7. Restart Tomcat by entering /etc/init.d/novell-ac restart or rcnovell-ac restart from the Administration Console command line.

  8. Continue with Section 3.3, Logging In to the Administration Console.
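
The port lists in Step 3 and Step 4 can be checked against what the firewall actually allows. The following shell script is an added example, not part of the NetIQ documentation: it builds the required TCP port list for a deployment and reports ports that are missing, or that are open but not listed in this section. The function names, the layout keywords separate and same, and the sample configured list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: compare a firewall's open TCP ports with this section's lists.
# Port values come from Step 3 and Step 4; all names here are illustrative.
PORTS_SEPARATE="8080 8443 3080 3443"    # components on different machines
PORTS_SAME="2080 2443"                  # components on the same machine
PORTS_GATEWAY="1443 8444 1289 524 636"  # importing an Access Gateway

# required_ports <separate|same> <yes|no>: print the ports this section lists.
required_ports() {
    case "$1" in
        separate) req=$PORTS_SEPARATE ;;
        same)     req=$PORTS_SAME ;;
        *)        echo "unknown layout: $1" >&2; return 2 ;;
    esac
    if [ "$2" = yes ]; then req="$req $PORTS_GATEWAY"; fi
    echo "$req"
}

# diff_ports <a> <b>: print the ports in list a that are absent from list b.
diff_ports() {
    out=""
    for p in $1; do
        case " $2 " in
            *" $p "*) ;;
            *) out="$out $p" ;;
        esac
    done
    echo "${out# }"
}

# audit <layout> <gateway> <configured>: report gaps; succeed only on a match.
# "extra" ports are open but not listed here, so review whether each is needed.
audit() {
    req=$(required_ports "$1" "$2") || return 2
    missing=$(diff_ports "$req" "$3")
    extra=$(diff_ports "$3" "$req")
    echo "missing=[$missing] extra=[$extra]"
    [ -z "$missing" ] && [ -z "$extra" ]
}

# Constructed sample: 3443 was forgotten and SSH (22) is also open.
CONFIGURED="22 8080 8443 3080 1443 8444 1289 524 636"
audit separate yes "$CONFIGURED" || echo "firewall differs from Section 3.2.1"
```

On SUSE Linux the TCP ports entered in YaST for the external zone are stored in the FW_SERVICES_EXT_TCP variable in /etc/sysconfig/SuSEfirewall2; pass that value as the third argument to audit. The script compares numeric ports only and does not cover the icmp entry in the IP Protocols field.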

3.2.2 Windows Administration Console

  1. Click Control Panel > Windows Firewall.

  2. Click Advanced, then for the Local Area Connection, click Settings.

  3. For each port that needs to be opened, click Add, then fill in the following fields:

    Description of service: Specify a name, for example Admin Console Access for port 8080 or Secure Admin Console Access for port 8443.

    Name or IP address: Specify the IP address of the Administration Console.

    External Port number for this service: Specify the port.

    Open the following ports:

    • 8080

    • 8443

  4. (Conditional) If you are importing an Access Gateway into the Administration Console, add the following ports:

    • 1443

    • 8444

    • 1289

    • 524

    • 636

    For specific information about the ports, see When a Firewall Separates the Administration Console from a Component in the NetIQ Access Manager 3.2 SP3 Setup Guide.

  5. (Conditional) If you are importing an Access Gateway Appliance, click ICMP, select all options, then click OK twice.

  6. Enter the following commands to restart Tomcat:

    net stop Tomcat7
    net start Tomcat7
    
  7. Continue with Section 3.3, Logging In to the Administration Console.