Port list in R12.1

Hi Erman,

I am looking for an official note to report port list in order to open the flow for the application.

Thanks in advance for your help.

Regards,
Latifa

Hi,

Note 403537.1 Best Practices for Securing Oracle E-Business Suite Release 12..
There is PDF attacched to that document.(Oracle® Applications Installation Guide: Using Rapid Install Release 12 Part No. B31295-07)
Download and open it.
In that pdf, see -> "Appendix E: Ports used by Oracle E-Business Suite"

Thank you very much Erman. I found easily the one corresponding to r12.2 but not this one.

Regards,
Latifa

Hi again Erman,

I still have one more question. How can describe flow between machines to open the ports flow (source --> destination).
There are comment in the table but not very explicit to describe which server should communicate with the other one (and sometimes there is no comments).

Thanks in advance for your help.

Regards,
Latifa

Which machines?
What kind of an environment are you trying to build?

DB in RAC (2 nodes)
3 Concurrent processing servers
3 Application Servers

Between the apps servers(including concurrent processing ones) and the database server, you should open the db port. That's it.

Apache listen port for the connection between clients and the apps servers. (opening the forms port should not be necessary when running in servlet mode)

However, between the apps servers.. It is a hard question.
I don't think, any additional ports are necessary between the apps servers.
Especially, if we take the DMZ configuration as an example...

However, there are certain cases, where you may need to open some additional ports even between the apps and db servers..

For ex: Some of the Oracle E-Business Suite modules like Oracle Configurator use UTL_HTTP package to communicate from the database to the application tier where the web server is installed. This is done over the HTTP(s) protocol. So, if there is a firewall configured between the application and database tier, http port must be opened on this firewall for this communication to succeed (Reference Oracle Support)

Also, if you are using Distributed Oracle Java Object Cache Functionality, then you need to open additional ports as well.

so, It may change according to your environment

So, I suggest you to test it.

Open the listener port between the apps and db
Open the web port between the apps and clients. (if the forms is running in servlet mode)
open the web port between apps servers (sometimes concurrent tier may need to reach the web port of the web related apps servers)
Do your tests, update me with the outcome.

I understand the firewall/or even firewalls between the DMZ apps servers and internal apps servers, but why are you putting a firewall between your internal EBS apps servers? Very tight security..

An example: if someone takes control of an internal apps server, it reaches the DB directly.
DB is the place, where your sensitive data resides.
So , firewall between your internal apps servers becomes a little unneeded here. At least for this case , as that someone will not try to break your apps nodes, that someone will directly go to db, because you have the listener port open between db and apps.. see..