
Tuxedo and opening ports for inbound and outbound

Tuxedo and opening ports for inbound and outbound - 22.Feb.2011 10:17:24 AM   



I am trying to allow access to a BEA Tuxedo instance via NAT and am having some issues.  As I am not a Tuxedo expert (not a TMG expert for that matter), I am unsure where the issue may lie - in my TMG setup or Tuxedo config!

My simple network config is as follows

Tri-homed ISA box with 3 NICs (LAN/Internal) (WAN/External) (DMZ/Perimeter) .. currently not configured but shown here for completeness

Tuxedo destination server Eth1 (LAN/internal) MASK Gateway

Testbox hitting the NAT address which is (NAT'd out of my control) to
I have added 2 new [User Defined] port definitions Tuxedo for inbound and Tuxedo Server for outbound connections.
Parameters->Connections->PortRange 5795-5815 TCP Outbound
Parameters->Connections->PortRange 6815-5835 TCP Outbound
Name=Tuxedo Server
Parameters->Connections->PortRange 5795-5815 TCP Inbound
Parameters->Connections->PortRange 6815-5835 TCP Inbound

I have added an [Access Rule]
Name=Tuxedo Outwards
Users=All Users

I have added a [Server Publishing Rule]
Name=Tuxedo Inbound
Traffic=Tuxedo Server
To=, "Requests Appear To Come From Original Client"=[true]

The logs show the "Tuxedo Inbound" rule being hit but then immediately closed.
In the Tuxedo configuration I have: (the default port range of 20 new open ports should be used as it's not set explicitly)
exec JSL -A -- -n // -H // -x10 -m1 -M19 -T120 -c512
exec JSL -A -- -n // -H // -x10 -m1 -M19 -T120 -c512

As per the article

Quoted Extract

You need to add the -H switch to the WSL's command line. So if before your WSL command line looks like:
and your system's IP address is and you are behind a NAT firewall with an external address of you would likely change your WSL command line in your UBB config file to:
WSL SRVGRP=GWGRP SRVID=20 CLOPT="-A -- -n // -H // -p 10000 -P 11000"
and then make sure ports 6005 and 10000 to 110000 on the NAT firewall are forwarded to your Tuxedo system. The -p and -P limit the ports the WSH handler processes will use.
Todd Little
Oracle Tuxedo Chief Architect

Can anybody help me - have I made any glaringly obvious mistakes?

< Message edited by pingcrosby -- 22.Feb.2011 10:30:04 AM >
Post #: 1
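
Added example (not part of the original post, and not Tuxedo or TMG code): a Python check that the port ranges defined on the firewall cover the listener port and the handler range pinned with -p/-P, which is what the quoted advice asks for. The port ranges are the ones listed in the post; the addresses in the CLOPT strings are constructed placeholders, and `opt_int` and `audit` are hypothetical helper names.

```python
import re

# Port ranges as listed in the post's port definitions (low-high strings).
POSTED_RANGES = ["5795-5815", "6815-5835"]
# Constructed CLOPT strings: addresses are documentation placeholders.
UNPINNED = "-A -- -n //192.0.2.10:5795 -H //198.51.100.7:5795 -x10 -m1 -M19 -T120 -c512"
PINNED = "-A -- -n //192.0.2.10:5795 -H //198.51.100.7:5795 -p 5796 -P 5835"


def opt_int(clopt, pattern):
    """Return the integer captured by `pattern` when it starts an option, else None."""
    match = re.search(r"(?<!\S)" + pattern, clopt)
    return int(match.group(1)) if match else None


def audit(clopt, published):
    """List mismatches between a listener's CLOPT and the published port ranges."""
    findings, ranges = [], []
    for spec in published:
        low, high = (int(part) for part in spec.split("-"))
        if low > high:
            # Assumption: an inverted range is treated as covering nothing.
            findings.append(f"inverted range {spec}: low bound exceeds high bound")
        else:
            ranges.append((low, high))

    def covered(port):
        return any(low <= port <= high for low, high in ranges)

    listen = opt_int(clopt, r"-n\s*//[^\s:]+:(\d+)")
    if listen is not None and not covered(listen):
        findings.append(f"listener port {listen} is not published")

    p_low, p_high = opt_int(clopt, r"-p\s*(\d+)"), opt_int(clopt, r"-P\s*(\d+)")
    if p_low is None or p_high is None:
        findings.append("handler ports not pinned with -p/-P; coverage cannot be checked")
    else:
        missing = [p for p in range(p_low, p_high + 1) if not covered(p)]
        if missing:
            findings.append(f"{len(missing)} of handler ports {p_low}-{p_high} "
                            f"not published, first is {missing[0]}")
    return findings


if __name__ == "__main__":
    for name, clopt in (("unpinned", UNPINNED), ("pinned", PINNED)):
        for finding in audit(clopt, POSTED_RANGES):
            print(f"{name}: {finding}")
```
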
RE: Tuxedo and opening ports for inbound and outbound - 22.Feb.2011 10:22:01 AM   


Sorry - the log file I originally posted messed up the message. Hopefully this log will render correctly on browsers (it looked OK in preview mode)

| Rule | Client IP | Destination IP | Source Port | Destination Port | Protocol | Action | Result Code | Source Network | Destination Network | Server Name | Log Record Type | NAT Address |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Tuxedo Inbound | | | 10298 | 5795 | Tuxedo Server | Initiated Connection | 0x0 SUCCESS | External | Internal | FTMG | Firewall | |
| Tuxedo Inbound | | | 10299 | 5795 | Tuxedo Server | Initiated Connection | 0x0 SUCCESS | External | Internal | FTMG | Firewall | |
| Tuxedo Inbound | | | 10298 | 5795 | Tuxedo Server | Closed Connection | 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN | External | Internal | FTMG | Firewall | 1 |

< Message edited by pingcrosby -- 22.Feb.2011 10:43:08 AM >

(in reply to pingcrosby)
Post #: 2
