Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CW2k - RWAN - Moving HTTP server to DMZ

I got installation with CW2000 installed on one big SunFire server

(all aplications with ipm on one device) becouse of need to give access some # of ppl in enterprise to access to CW2k we need to do something:

1 - give access via firewalls to http://server:1741/ only

2 - insert new card to server and some software FW, and bind only :1741 to it.

3 - place another server in DMZ or public area, put only frontend on it.. leaving all aplication on orginal server .

Customer are mostly pointing to 3rd sollution.

Can it be done ?


Re: CW2k - RWAN - Moving HTTP server to DMZ

If you are trying to manage devices via ciscoworks through a firewall (ie. ciscoworks server is inside the dmz and people from remote clients to use the cw server to manage devices), you will have to permit the following ports in your firewall for CW to work:

Incoming Ports

42343/tcp (JRun)

57860/tcp (JRun Server Manager ControlServer - Used for Jrun Administration)

42344/tcp (ANI HTTP server)

514/udp (Standard port for Syslog)

1741/tcp (port used for the CiscoWorks2000 HTTP server)

1742/tcp (used when the webserver is running on SSL mode)

Database ports: 43441-43449 (The ports used by different apps are different. For example, CD One uses 43441 and Essentials uses 43442)

Outgoing Ports

161/udp (Standard port for SNMP Polling)

162/udp (Standard port for SNMP Traps)

23/tcp (Standard port for Telnet)

22/tcp (Standard port for SSH)

80/tcp (Default HTTP for device navigator)

Incoming and Outgoing Ports:

42340/tcp (CiscoWorks2000 Daemon Manager, the tool that manages server processes)

42342/udp (Osagent)

7580/tcp (default port; alternate port: 42352/tcp) (ESS HTTP port)

69/udp (Standard port for TFTP)

1683 (IIOP port for CW2K gatekeeper)

8088 (HIOP port for CW2K gatekeeper)

514/tcp (RCP port)

7500/tcp (default port; alternate port: 42351/tcp) (ESS Listening port)

7588/tcp (default port; alternate port: 42353/tcp) (ESS Routing port)

7500/udp (default port; alternate port: 42350/udp (ESS Service port)