2.4. Connectivity Requirements

The operating system and the Java virtual machine operate according to their specification. These external systems shall be configured in accordance with this guidance.
Any other system with which JBoss EAP 6.2.2 communicates is assumed to be under the same management control and operate under the same security policy constraints as JBoss EAP 6.2.2.

2.4.1. Cluster Connectivity Requirements

JBoss EAP 6.2.2 instances must operate in a network segment that is logically separated from any other network segment by use of a packet filtering mechanism. This packet filter must only allow incoming communication that meets both of the following criteria:
  • network protocol is TCP
  • destination port is 8080 or 8443
All outgoing communication from one of the JBoss EAP 6.2.2 instances must be allowed.

Note

There are three defined interfaces to separate trusted and untrusted network traffic: public, cluster, and internal. Refer to Section 5.3.1, “Network Interfaces” for more information.

Each cluster node communicates with the other nodes by means of standard network sockets. Whenever this occurs, the client side of each connection has a port number assigned to it by the host operating system from a range of ports that are reserved for client sockets. These ports are referred to as dynamic or ephemeral ports. They are only used by a connection until it is closed. Once the connection is closed, the port is made available for use by other new client connections. Refer to your operating system documentation if you need to configure this port range.
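
One way to check a node's firewall against the rules in this section, as an added example that is not part of the Red Hat guidance: the script audits an `iptables-save` dump for inbound accepts other than TCP to port 8080 or 8443 and for any blocked outgoing traffic. It assumes the packet filter is host-based iptables, and it treats a stateful ESTABLISHED,RELATED rule as acceptable so that replies to node-initiated connections on ephemeral ports are not dropped; both are assumptions, not requirements stated by the guide. The names `audit`, `_opt` and `SAMPLE`, and the sample ruleset itself, are constructed for illustration.

```python
import shlex

ALLOWED_PORTS = {"8080", "8443"}  # destination ports named in section 2.4.1
# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8443,9990 -j ACCEPT
-A INPUT -p udp -m udp --dport 45688 -j ACCEPT
COMMIT
"""

def _opt(tokens, *names):
    """Return the value that follows the first option found, or None."""
    for name in names:
        if name in tokens:
            return tokens[tokens.index(name) + 1]
    return None

def audit(dump):
    """Return a list of findings; an empty list means the dump matches the policy."""
    findings = []
    for line in dump.splitlines():
        t = shlex.split(line)
        if line.startswith((":INPUT ", ":OUTPUT ")):
            want = "DROP" if t[0] == ":INPUT" else "ACCEPT"
            if t[1] != want:
                findings.append(f"{t[0][1:]} default policy is {t[1]}, expected {want}")
        if not line.startswith("-A "):
            continue
        chain, target = t[1], _opt(t, "-j")
        if chain == "OUTPUT" and target in ("DROP", "REJECT"):
            findings.append(f"outgoing traffic blocked: {line}")
        if chain != "INPUT" or target != "ACCEPT":
            continue
        state = _opt(t, "--ctstate", "--state") or ""
        ports = _opt(t, "--dport", "--dports") or ""
        if "!" in t:
            findings.append(f"negated match, review by hand: {line}")
        elif state and set(state.split(",")) <= {"ESTABLISHED", "RELATED"}:
            pass  # assumption: replies to node-initiated connections on ephemeral ports
        elif _opt(t, "-p") != "tcp":
            findings.append(f"non-TCP accept: {line}")
        elif not ports or not set(ports.split(",")) <= ALLOWED_PORTS:
            findings.append(f"port outside 8080/8443: {line}")
    return findings
```

Rules in user-defined chains reached from INPUT are not followed, so review those separately.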