Windows firewall settings

If Windows Firewall is enabled on the machine on which Service Virtualization is installed, requests from remote services to Service Virtualization are blocked. To enable the required TCP/HTTP communication, Service Virtualization adds a set of exceptions to the Firewall. This set of inbound rules is maintained automatically by Service Virtualization, and does not generally require any manual configuration.

To change the automatic configuration settings, see Windows firewall and TCP port configuration.

Overview

For TCP listeners, a firewall exception is created for the Service Virtualization Server and Designer executable files.

For HTTP listeners, Service Virtualization uses the .NET HttpListener component to listen for HTTP/HTTPS requests. Service Virtualization cannot define an exception for the HttpListener executable itself, because HttpListener runs in a separate kernel process and is shared by all applications running on the machine. Instead, a firewall exception is created for all ports where the HttpListener component is used by the Service Virtualization Designer or Server to listen for HTTP/HTTPS requests.

The Service Virtualization components use the listeners as follows:

TCP Listener:

  • SSL component of the HTTP Proxy agent
  • IMS agent

  • CICS TG

The Service Virtualization installer creates a firewall exception for the Service Virtualization Server and Designer executables.

.NET HttpListener

  • HTTP Gateway agent
  • HTTP port of the HTTP Proxy agent
  • JDBC agent
  • Service Virtualization Management API endpoint in unsecured mode
  • HTTPS Gateway agent
  • Service Virtualization Management API endpoint in secured mode

Service Virtualization creates firewall exceptions for the specific ports that the agents use, makes the relevant URL reservations, and registers an SSL certificate for each port listening for HTTPS requests.

Note: All firewall rules that Service Virtualization creates are removed if the product is uninstalled.

Back to top

Default Windows firewall settings

The default inbound rules that Service Virtualization creates during installation of the Designer or when the Server is run for the first time are as follows:

  • Rules with specified ports are used by the System HTTP Listener server, and not directly by Service Virtualization. The ports are open for any program running on the machine.
  • Rules that are assigned directly to the Service Virtualization applications enable the Service Virtualization agents to access TCP ports directly.
Name Program Port
Service Virtualization Designer VirtualServiceDesigner Any
Service Virtualization Designer (HTTP Gateway) Any 7200
Service Virtualization Designer (HTTP Proxy) Any 7201
Service Virtualization Designer (HTTPS Gateway) Any 7205
Service Virtualization Designer (Java SE 6/7 JDBC) Any 7288
Service Virtualization Designer

(RestManagementService)

Any 7280
Service Virtualization Server HP.SV.StandaloneServer Any
Service Virtualization Server (HTTP Gateway) Any 6070
Service Virtualization Server (HTTP Proxy) Any 6071
Service Virtualization Server (HTTPS Gateway) Any 6075
Service Virtualization Server (Java SE 6/7 JDBC) Any 6088

Service Virtualization Server (RestManagementService)

Any

6080 (secured)

or

6085 (secured)

Service Virtualization Management (HTTP Server) Any 6086

Back to top

Checking Windows firewall settings

To review the current Windows firewall settings for Service Virtualization:

  1. In Windows Control Panel, open Windows Firewall.
  2. Select Advanced Settings to open Windows Firewall with Advanced Security.
  3. Select Inbound Rules, and sort by group.

    The rules defined for Service Virtualization start with Service Virtualization Designer or Service Virtualization Server.

    All rules are created by Service Virtualization for the Windows Firewall Private profile, using TCP protocol, and are enabled by default.

Back to top