Configuring firewall access

Firewalls protect valuable data from public access. If your data sources reside behind a firewall for protection, and you are not using Satellite Link or Secure Gateway for connections, then you must configure the firewall to allow the IP addresses for Cloud Pak for Data as a Service and also for individual services. Otherwise, Cloud Pak for Data as a Service is denied access to the data sources.

To allow Cloud Pak for Data as a Service access to private data sources, you configure inbound firewall rules using the security mechanisms for your firewall. Inbound firewall rules are not required for connections that use either a Satellite Link or Secure Gateway, as both establish a link by performing an outbound connection.

All services in Cloud Pak for Data as a Service actively use WebSockets for the proper functioning of the user interface and APIs. Any firewall between the user and the Cloud Pak for Data as a Service domain must allow HTTPUpgrade. If Cloud Pak for Data as a Service is installed behind a firewall, traffic for the wss:// protocol must be enabled.