Windows firewall settings
If Windows Firewall is enabled on the machine on which Service Virtualization is installed, requests from remote services to Service Virtualization are blocked. To enable the required TCP/HTTP communication, Service Virtualization adds a set of exceptions to the Firewall. This set of inbound rules is maintained automatically by Service Virtualization, and does not generally require any manual configuration.
To change the automatic configuration settings, see Windows firewall and TCP port configuration.
For TCP listeners, a firewall exception is created for the Service Virtualization Server and Designer executable files.
For HTTP listeners, Service Virtualization uses the .NET HttpListener component to listen for HTTP/HTTPS requests. Service Virtualization cannot define an exception for the HttpListener executable itself, because HttpListener runs in a separate kernel process and is shared by all applications running on the machine. Instead, a firewall exception is created for all ports where the HttpListener component is used by the Service Virtualization Designer or Server to listen for HTTP/HTTPS requests.
The Service Virtualization components use the listeners as follows:
- SSL component of the HTTP Proxy agent
The Service Virtualization installer creates a firewall exception for the Service Virtualization Server and Designer executables.
- HTTP Gateway agent
- HTTP port of the HTTP Proxy agent
- JDBC agent
- Service Virtualization Management API endpoint in unsecured mode
- HTTPS Gateway agent
- Service Virtualization Management API endpoint in secured mode
Service Virtualization creates firewall exceptions for the specific ports that the agents use, makes the relevant URL reservations, and registers an SSL certificate for each port listening for HTTPS requests.
Note: All firewall rules that Service Virtualization creates are removed if the product is uninstalled.
The default inbound rules that Service Virtualization creates during installation of the Designer or when the Server is run for the first time are as follows:
- Rules with specified ports are used by the System HTTP Listener server, and not directly by Service Virtualization. The ports are open for any program running on the machine.
- Rules that are assigned directly to the Service Virtualization applications enable the Service Virtualization agents to access TCP ports directly.
|Service Virtualization Designer||VirtualServiceDesigner||Any|
|Service Virtualization Designer (HTTP Gateway)||Any||7200|
|Service Virtualization Designer (HTTP Proxy)||Any||7201|
|Service Virtualization Designer (HTTPS Gateway)||Any||7205|
|Service Virtualization Designer (Java SE 6/7 JDBC)||Any||7288|
|Service Virtualization Designer
|Service Virtualization Server||HP.SV.StandaloneServer||Any|
|Service Virtualization Server (HTTP Gateway)||Any||6070|
|Service Virtualization Server (HTTP Proxy)||Any||6071|
|Service Virtualization Server (HTTPS Gateway)||Any||6075|
|Service Virtualization Server (Java SE 6/7 JDBC)||Any||6088|
Service Virtualization Server (RestManagementService)
|Service Virtualization Management (HTTP Server)||Any||6086|
To review the current Windows firewall settings for Service Virtualization:
- In Windows Control Panel, open Windows Firewall.
- Select Advanced Settings to open Windows Firewall with Advanced Security.
Select Inbound Rules, and sort by group.
The rules defined for Service Virtualization start with Service Virtualization Designer or Service Virtualization Server.
All rules are created by Service Virtualization for the Windows Firewall Private profile, using TCP protocol, and are enabled by default.