Author: Jenna Zwick
Date: January 11th, 2024
Scope: Self-hosted instances, both KOTS and Traditional
Problem/Summary: Firewall Configurations are not supported by Jama Software® Support
At Jama Software, we do not support the use of firewall programs like ufw on the application server, as they can interfere with both KOTS and Traditional instances of Jama Connect. For optimal access management, an airgap configuration is recommended. However, we recognize that some organizations require remote access and must adhere to policies restricting traffic on most ports, making an airgap instance impractical.
Configuration and Responsibility:
Configuring a custom firewall is the host's responsibility and falls outside the scope of support Jama Software can provide. This task, including the management of firewalld rules, must be handled independently by your team.
Resources for Assistance:
To support you within our limits, we have compiled resources that may assist in replicating firewall rules from your original server to a new application server, saving rules permanently, and understanding standard IP port ranges used by KOTS clusters:
- Saving iptables Rules Permanently
- Common Port Ranges Used by KOTS Clusters
- Firewalld Advanced User Guide
- Server Fault - Import/Export firewalld Settings
- Server Fault - Export and Restore iptables Settings
Precautions and Recommendations:
We strongly suggest backing up the application server and database instances before you implement firewall changes. As troubleshooting these configurations is beyond our support scope, having a backup and a rollback plan is crucial.
Also, it is recommended that you disable both the firewall and during the installation and updates of our application to avoid any interference.
After installation, review your system’s active ports using tools such as netstat and adjust your firewall rules to allow remote access to the necessary ports.
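One way to carry out that review, shown as an added example that is not Jama Software tooling: the script compares ports listening on non-loopback addresses with the firewall's allowed-port list. The function names `listening_ports` and `blocked_ports` are hypothetical, and the netstat output and port list are constructed sample data.

```shell
#!/usr/bin/env bash
# Added example (not Jama Software tooling): find TCP ports that are listening
# on non-loopback addresses but are not in firewalld's allowed-port list.

# Read `netstat -tln` output on stdin; print externally bound ports, sorted.
listening_ports() {
  awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
         n = split($4, parts, ":"); port = parts[n]
         host = substr($4, 1, length($4) - length(port) - 1)
         if (host ~ /^127\./ || host == "::1") next   # loopback only
         print port
       }' | sort -n -u
}

# blocked_ports "<ports>" "<allowed>": print each port not covered by a tcp
# entry in <allowed>, which uses the `firewall-cmd --list-ports` format
# ("443/tcp 6000-6010/tcp"). Ports opened through firewalld services
# (`firewall-cmd --list-services`) are not considered here.
blocked_ports() {
  local port spec range lo hi ok
  for port in $1; do
    ok=0
    for spec in $2; do
      [ "${spec##*/}" = "tcp" ] || continue
      range=${spec%/*}; lo=${range%-*}; hi=${range#*-}
      if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then ok=1; break; fi
    done
    [ "$ok" -eq 1 ] || echo "$port"
  done
}

# Constructed sample data. On a real host, feed live data instead:
#   netstat -tln | listening_ports    and    firewall-cmd --list-ports
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 :::6005                 :::*                    LISTEN'
SAMPLE_ALLOWED='443/tcp 6000-6010/tcp 53/udp'

ports=$(printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports)
echo "Listening but not allowed by the firewall:"
blocked_ports "$ports" "$SAMPLE_ALLOWED"
```

Each port it reports is a candidate for either a new allow rule or a service that should be bound to loopback only.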
Limitations of Our Support:
While we offer general guidance and resources, please understand that our support does not extend to external tools not developed by Jama Software, including firewalls.