Layer7 API Management

Expand all | Collapse all

How can I change the Policy manager admin port from the default to another port that does not accept, external, customer data traffic.

  • 1.  How can I change the Policy manager admin port from the default to another port that does not accept, external, customer data traffic.

    Posted May 17, 2017 11:30 PM

    Default installation accepts service requests and management requests on 8443 and 9443.


    The default Gateway configuration listens on port 8080 for standard service requests and port 8443 for encrypted service requests over SSL. Administrative requests from the Policy Manager take place over port 8443. The browser version of the Policy Manager is accessed by either port 8443 or 9443....
    If the default endpoints are changed during configuration of the Gateway, or later by the Policy Manager, the network firewalls must be reconfigured to reflect these changes.

    https://docops.ca.com/ca-secure-cloud-for-service-providers/1-57/EN/files/352565916/352565917/1/1427481014139/Layer7_ins… 

     

    I would like to isolate service requests and management requests, but I am unable to find documentation on how the default can be changed. Is there additional documentation on how to change the defaults?



  • 2.  Re: How can I change the Policy manager admin port from the default to another port that does not accept, external, customer data traffic.
    Best Answer

    Posted May 18, 2017 12:15 PM

    Hello

     

    Policy Manager can be configured on any secure listen port and a port can be configured to a specific NIC/Interface, thus you should be able to block access to external PM connections.   See Listen Port Properties - CA API Gateway - 8.4 - CA Technologies Documentation for the background.  

     

    You will need at least two ports with PM access as you can not reconfigure a listen port when a active policy manager is connected.

     

    If you need assistance setting this up then raise a support case and either myself or one of my colleagues can assist.  

     

    Regards

    Christopher Clark

    CA Support



  • 3.  Re: How can I change the Policy manager admin port from the default to another port that does not accept, external, customer data traffic.

    Broadcom Employee
    Posted May 18, 2017 08:27 PM

    Hi bsconsulting ,

    As Clark said,  the listen port property "Policy Manager access" on listen port properties -> [Basic settings] tab, will determine if policy manger can access gateway on this port.   

     

    Regards,

    Mark