Securing Oracle JD Edwards EnterpriseOne with Windows Firewall

EnterpriseOne Windows Firewall

On one of the Oracle JD Edwards EnterpriseOne installations that I manage, we have a few Windows 2003 Servers. Yeah, I know, it’s no longer supported but the Tools Release is 8.98.4.7 and there are a couple third-party applications that are not able to be upgraded. It’s crazy how messy, real-life situations cannot be duplicated in the squeaky-clean confines of the Oracle lab.

Since Windows 2003 Server is no longer supported by Microsoft, our IT Security Team has tried locking down these servers using several different methods. One of them has been to try and implement a software firewall on the server itself. Unfortunately, any third-party solution that we tried had such a negative impact on the performance of EnterpriseOne that we had to remove it. So, they asked that we turn on the Windows Firewall. While not as robust as they would have liked, it would provide another layer of security.

The good thing about the Windows Firewall, other than how simple it is, is that it shuts down all communication and only allows what you specify. That means, for EnterpriseOne to function, you need to make sure that all the applications and ports are allowed through the firewall. There were a few different documents that I used to come up with the correct recipe for successfully securing Oracle JD Edwards EnterpriseOne with Windows Firewall:

The easiest way to access the Windows Firewall settings is to go to [Start] -> Run -> firewall.cpl. I created a shortcut to firewall.cpl on the desktop to make it easier.

The following is a breakdown of what I came up with but since everyone’s configuration is different (CNC = Configurable Network Computing) your mileage may vary.

  • Made the following change to the jde.ini of the affected Windows Server:
    enablePredefinedPorts=1
  • Specified the following applications
    • E:\JDE_HOME\jdk\jre\bin\java.exe – Used by the JDE Server Manager
    • E:\JDEdwards\E900\DDP\system\bin32\jdenet_k.exe – Part of JDE Services
    • E:\JDEdwards\E900\DDP\system\bin32\jdenet_n.exe – Part of JDE Services
    • E:\JDE_HOME\bin\scfagent_64.exe – Used by the JDE Server Manager
    • E:\JDEdwards\E900\DDP\system\bin32\jdesnet.exe – Part of JDE Services
  • Specified the following ports
    • Oracle_Database_Port – Oracle DB communication port 1521
    • Server_Manager_Port – Oracle JDE Server Manager port 14501
    • Server_Manager_Port – Oracle JDE Server Manager port 14502
    • Server_Manager_Port – Oracle JDE Server Manager port 14503
  • Specified the following ports that correspond to the enablePredfinedPorts setting above:
    • Oracle_E1_Port_6015 – 6015
    • Oracle_E1_Port_6016 – 6016
    • Oracle_E1_Port_6017 – 6017
    • Oracle_E1_Port_6018 – 6018
  • Allowed PING for monitoring server availability by using the [Advanced] tab
    Windows Firewall Ping

There were a few more settings that I added to allow for our third-party applications but those are not related to EnterpriseOne.

Do you have any other tips or tricks to get Oracle JD Edwards EnterpriseOne to work with Windows Firewall?

Submit a Tip or Trick

2 Responses

  1. Windows 2003 Firewall Rules Allow UNC Access To Shared Folders - E1Tips.com

    […] A couple weeks ago I wrote a post about setting up Windows Firewall on a Windows 2003 Server running Oracle JD Edwards EnterpriseOne. […]

  2. オロナイン 鼻 塗るだけ

    It’s awesome to pay a visit this site and reading the views of all mates concerning this article, while I am also keen of
    getting familiarity.

Leave a Reply