Author: Jenna Zwick
Date: January 11th, 2024
Audience: Everyone
Scope: Self-hosted instances, Replicated - KOTS and Traditional
Summary
Jama Software® Support does NOT support Firewall Configurations
At Jama Software, we do not support the use of firewall programs like firewalld
and ufw
on the application server, as they can interfere with both KOTS and Traditional instances of Jama Connect. For optimal access management, an airgap configuration is recommended. However, we recognize that some organizations require remote access and must adhere to policies restricting traffic on most ports, making an airgap instance impractical.
Configuration and Responsibility
Configuring a custom firewall is the host's responsibility and falls outside the scope of support Jama Software can provide. This task, including the management of iptables
and firewalld
So that you know, rules must be handled independently by your team.
Resources for Assistance
To support you within our limits, we have compiled resources that may assist in replicating firewall rules from your original server to a new application server, saving rules permanently, and understanding standard IP port ranges used by KOTS clusters:
- Saving iptables Rules Permanently
- Common Port Ranges Used by KOTS Clusters
- Firewalld Advanced User Guide
- Server Fault - Import/Export firewalld Settings
- Server Fault - Export and Restore iptables Settings
Precautions and Recommendations
We strongly suggest backing up the application server and database instances before you implement firewall changes. Troubleshooting these configurations is beyond our support scope, so having a backup and a rollback plan is crucial.
It is recommended that you disable both the firewall and during the installation and updates of our application to avoid any interference.
After installation, review your system’s active ports using tools, such as netstat
and adjust your firewall rules to allow remote access to the necessary ports.
Limitations of Our Support
While we offer general guidance and resources, please know that our support does not extend to external tools not developed by Jama Software, including firewalls.
Related to
Comments
0 comments
Article is closed for comments.