Layer7 API Management

Recommendation Not to Modify Port 2124 in Policy Manager 

Jul 25, 2018 08:11 PM

Summary

In some cases, users will want or feel the need to modify port 2124 in Policy Manager when using the CA API Gateway ("Gateway"). While some changes may not negatively affect anything, it is considered a best practice to leave port 2124 alone, or in other words leave it set at it's default levels.

 

Issue

Many changes made to that specific Listen Port can result in issues with the Gateway service, even if not noticeable up front.

 

Example of an issue observed after making changes to port 2124:

  • The status will never show "running" and will seemingly be stuck on "starting" even when the Gateway is in fact running and processing traffic.

 

Cause

The reason for this is that the SecureSpan Process Controller ("SSPC") monitors and checks the health of the Gateway, which it calls APIs over port 2124 to accomplish these tasks. Some modifications to port 2124 can break this required communication between the SSPC and the SSG service.

 

Some changes to port 2124 that are known to negatively impact the service:

  • Client Authentication set to "none" instead of the default of "optional".
  • SSL protocol changes
  • Cipher suite changes

 

Resolution

Unless required, it is recommended not to modify port 2124. If it is absolutely necessary to make modifications to port 2124, it would be recommended to test this in a low level environment first before proceeding to make a change to port 2124 in production, to ensure that these changes are not causing any unintended consequences in your environment.

Statistics
0 Favorited
4 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.