Chapter 4. Implementation scenario: Tivoli Firewall Security Toolbox 123
3. The second instance of the Relay is then responsible for initiating the
connection with the RC Controller Proxy. This Relay uses a pre-defined range
of ports (4023-4024) to establish a connection to port 8020 defined on the RC
Controller Proxy. This range of ports needs to be defined after the installation
of the second instance of the Relay. Information on how to customize it is
given in 4.3.2, “Remote Control Proxy configuration” on page 129.
Communications from the RC Target Proxy machine to port 7020 should be
allowed by firewall 2.
4. Then the RC Controller Proxy communicates with the Endpoint Target using
a random port, while the Target listens on the default Remote Control port
2501.
Table 4-2 summarizes the ports that we used to configure both Remote Control
Proxies and the Relay.
Table 4-2 Summary of port configuration

Source                                     Destination
Component             Port                 Component             Port
--------------------  -------------------  --------------------  -------------------
Controller            random               RC Target Proxy       5020
RC Target Proxy       range (4000-4010)    Relay                 7020
Relay                 range (4023-4024)    RC Controller Proxy   8020
RC Controller Proxy   random               Target                2501
Target                2501                 RC Controller Proxy   random
RC Controller Proxy   8020                 Relay                 range (4023-4024)
Relay                 7020                 RC Target Proxy       range (4000-4010)
RC Target Proxy       5020                 Controller            random

When a Remote Control session is initiated, the Remote Control Controller
connects to the RC Target Proxy running on the Endpoint Proxy machine. When
the Target Endpoint is connected to a Gateway Proxy, it is registered in the
Endpoint Manager using the Endpoint Proxy IP address. The RC Target Proxy
queries the Endpoint Proxy about the actual Endpoint’s IP address and port and
collects this information. The Endpoint Proxy also gives the Gateway Proxy label
to the RC Target Proxy.
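
The following Python code is an added example, not part of the original document. It audits connection records against the flows in Table 4-2 and reports any that fall outside them. The record format (component:port -> component:port), the names FLOWS, port_ok, check_flow and audit, and the treatment of "random" as any port from 1 to 65535 are assumptions of this example.

```python
import re

# Table 4-2 keyed by (source, destination) -> (source port spec, destination port spec).
FLOWS = {
    ("Controller", "RC Target Proxy"): ("random", "5020"),
    ("RC Target Proxy", "Relay"): ("4000-4010", "7020"),
    ("Relay", "RC Controller Proxy"): ("4023-4024", "8020"),
    ("RC Controller Proxy", "Target"): ("random", "2501"),
    ("Target", "RC Controller Proxy"): ("2501", "random"),
    ("RC Controller Proxy", "Relay"): ("8020", "4023-4024"),
    ("Relay", "RC Target Proxy"): ("7020", "4000-4010"),
    ("RC Target Proxy", "Controller"): ("5020", "random"),
}

def port_ok(spec, port):
    """True if port satisfies a spec: 'random', a fixed port, or 'low-high'."""
    if spec == "random":  # assumption: any valid port number
        return 1 <= port <= 65535
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def check_flow(record):
    """Return None if the record matches Table 4-2, else the reason it does not."""
    m = re.fullmatch(r"(.+?):(\d+) -> (.+?):(\d+)", record.strip())
    if not m:
        return "unparseable record"
    src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
    if (src, dst) not in FLOWS:
        return f"no {src} -> {dst} flow in Table 4-2"
    sspec, dspec = FLOWS[(src, dst)]
    if not port_ok(sspec, sport):
        return f"source port {sport} not in {sspec}"
    if not port_ok(dspec, dport):
        return f"destination port {dport} not in {dspec}"
    return None

def audit(text):
    """Return (record, reason) for every record that is not an expected flow."""
    return [(r, why) for r in text.splitlines() if r.strip() and (why := check_flow(r))]

# Constructed sample records, already mapped from IP address to component name.
SAMPLE = """\
Controller:51514 -> RC Target Proxy:5020
RC Target Proxy:4003 -> Relay:7020
Relay:4025 -> RC Controller Proxy:8020
RC Controller Proxy:8020 -> Relay:4023
RC Target Proxy:4003 -> RC Controller Proxy:8020
"""

if __name__ == "__main__":
    for record, why in audit(SAMPLE):
        print(f"{record}: {why}")
```

A Relay source port outside the configured 4023-4024 range, or a flow that skips the Relay, is reported because a firewall configured from Table 4-2 would not permit it.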