Firewalls, VPNs, and multihomed machines

Special considerations apply when you install HCL DevOps Test Integrations and APIs (Test Integrations and APIs) on systems with firewalls, virtual private networks (VPNs), or connections to more than one network.

Firewalls, VPNs, or multiple network connections can create situations where an application cannot locate a particular address or cannot follow a particular route. In these cases, you must provide an address that the application can use.

In the following illustration, Test Integrations and APIs runs on Machine C, which is connected to Network A. Machine C also has a VPN connection to Network B, where a proxy server is running.

Machine C is connected to both Network A and Network B.

When you start a TCP server on Machine C, it binds to one or more addresses on the networks visible to it such as 192.168.0.8 and 203.0.113.5, and uses an ephemeral port number, such as 50136, selected at random from the available ports. A problem arises when you want an application on Machine B, such as the proxy server in this example, to connect to the server you just started. The application cannot see Network A and therefore is unable to route messages to 192.168.0.8. Similarly, Machine C might have firewall restrictions that allow only a known set of ports to be opened for connection.

The solution is to provide Test Integrations and APIs with a fixed address and fixed port number on which to start the server. For example, you might specify a bind address of 203.0.113.7 and a port number of 7120, and then configure the firewall to open port 7120 for connection. This enables the proxy server to route messages to 203.0.113.7:7120.

Bind addresses and port numbers are maintained in Library Manager. For more information, see Working with Library Manager.