0 / 0
Configuring firewall access

Configuring firewall access

Firewalls protect valuable data from public access. If your data sources reside behind a firewall for protection, and you are not using a Satellite Connector or Satellite location, then you must configure the firewall to allow the IP addresses for Cloud Pak for Data as a Service and also for individual services. Otherwise, Cloud Pak for Data as a Service is denied access to the data sources.

To allow Cloud Pak for Data as a Service access to private data sources, you configure inbound firewall rules using the security mechanisms for your firewall. Inbound firewall rules are not required for connections that use a Satellite Connector or Satellite location, which establishes a link by performing an outbound connection. For more information, see Connecting to data behind a firewall.

All services in Cloud Pak for Data as a Service actively use WebSockets for the proper functioning of the user interface and APIs. Any firewall between the user and the Cloud Pak for Data as a Service domain must allow HTTPUpgrade. If Cloud Pak for Data as a Service is installed behind a firewall, traffic for the wss:// protocol must be enabled.

Configuring inbound access rules for firewalls

If data sources reside behind a firewall, then inbound access rules are required for Cloud Pak for Data as a Service. Inbound firewall rules protect the network against incoming traffic from the internet. The following scenarios require inbound access rules through a firewall:

Learn more

Parent topic: Setting up the platform for administrators

Generative AI search and answer
These answers are generated by a large language model in watsonx.ai based on content from the product documentation. Learn more