Manage Listen Ports
A listen port is a TCP port that "listens" for incoming messages that are then passed to the message processor. The Manage Listen Ports task lets you define passive listeners, including HTTP(S) and FTP(S). (JMS message polling is handled by the JMS queuing capabilities of the , while email listeners are configured using the Manage Email Listeners task.)
gateway83
A listen port is a TCP port that "listens" for incoming messages that are then passed to the
API Gateway
message processor. The Manage Listen Ports task lets you define passive listeners, including HTTP(S) and FTP(S). (JMS message polling is handled by the JMS queuing capabilities of the API Gateway
, while email listeners are configured using the Manage Email Listeners task.)At least one administrative listen port is configured when the
API Gateway
is first set up (see Gateway Configuration Wizard). After this, you use the Manage Listen Ports task to add, modify, or delete ports.Changes to the listen ports propagate through a
API Gateway
cluster within 30 seconds—new ports are effective within 30 seconds, while deleted ports should be unavailable after 30 seconds or when the last "keep-alive" connection closes, whichever is later. A Gateway restart is not required after listen port changes.Policy Manager Port Requirements
A listen port for the Policy Manager was defined when the
API Gateway
was configured. If you need to create a new listen port, it must conform to the following characteristics:- must be above port 1024
- must be SSL
- must not require a client certificate
- must have one of the following options enabled: [Policy Manager access] for the standard client, or [Browser-based administration] for the browser client; these are set in the [Basic Settings] tab of the listen port properties
Configuring listen ports is intended for advanced technical users. The default values delivered with the
API Gateway
should be adequate in most cases.To manage listen ports
:- In the Policy Manager, select [Tasks] >Manage Listen Portsfrom the Main Menu (on the browser client, from the Manage menu).The Manage Listen Ports dialog appears.1) Listen ports shown in red text indicate a possible conflict with another port. 2) Though the Manage Listen Ports dialog allows you to delete the predefined listen ports, you must ensure that the features are enabled in some other listener to ensure correctAPI Gatewayfunctionality.
- The following table describes each column (these are set in the listening port's properties):ColumnDescriptionEnabledIndicates whether the port is enabled for listening. If disabled, theAPI Gatewaywill treat the port as if it was removed from the system.The listen port is enabled or disabled in the [Basic Settings] tab of the Listen Port Properties.NameThe "friendly" name given to the port. This name is used only for logging and display purposes. The name is defined in the [Basic Settings] tab of the Listen Port Properties.ProtocolIndicates the transport protocol used by the listener. The following protocols are available:
- HTTP: This is the standard HTTP interface to theAPI Gateway. All available IP addresses are used, over port 8080.
- HTTPS: This is the SSL interface to theAPI Gateway, used during mutual authentication. All available IP addresses are used, over port 8443.
- HTTPS (no client authentication): This endpoint is the same as the SSL Endpoint without client certificate challenges. All available IP addresses are used, over port 9443.
- FTP: This endpoint provides unsecured transport, similar to HTTP.
- FTPS: This endpoint provides secured transport, similar to HTTPS.
- SSH2: This endpoint provides secured transport via the SSH2 protocol.
The protocols are defined in the [Basic Settings] tab of the Listen Port Properties.InterfaceLists the interfaces used by the listen port. This is configured in the [Basic Settings] tab of the Listen Port Properties.PortThe port number being monitored. Ports 1 to 1024 are reserved by theAPI Gateway. The port number is specified in the [Basic Settings] tab of the Listen Port Properties.Firewall Adjustments on SoftwareAPI GatewayIf the Policy Manager is connected to a software version of theAPI Gateway(i.e., not an appliance), you must ensure that the firewall protecting theAPI Gatewayy host machine permits traffic through the ports specified here.For a list of the ports required, consult the file <Gateway_home>/var/firewall_rules on theAPI Gatewaymachine. This file is a standard Linux firewall configuration file that can be used to automatically adjust the firewall if you are using the Linux RHEL version of theAPI Gateway.If the Policy Manager will be connecting to theAPI Gatewayusing a port other than the default 8443, the port number must be appended to theAPI Gatewayname. For more information, see Connect to theAPI Gateway. - Select a task to perform:To...Do this...Add a new listen port
- Click [Create].
- Complete the Listen Port Properties.
Clone an existing listen port- Select the port to clone.
- Click [Clone].
- Edit the Listen Port Properties as required.
Remove a listen port- Select the port to remove.
- Click [Remove].
View or edit the properties of a listen port- Select the port to view.
- Click [Properties]. See Listen Port Properties for details.
Manage interfacesClick [Interfaces]. See Managing Interfaces for details.Manage Firewall RulesClick [Manage Firewall Rules]. See Managing Interfaces.Configure how services are resolvedClick [Service Resolution]. See Managing Service Resolution for details.You cannot remove or modify the port currently used to administer theAPI Gateway. To move the admin listener to another port: (1) Create a new admin listener on the new port. (2) Reconnect theAPI Gatewayon the new port. (3) Remove the old admin listener. - Click [Close] when done.