Hi,
Is it possible to secure the connections to the brokers so that only known clients can connect? I have set up a mutual SSL acceptor, which would be my preferred way to control access, but due to a legacy problem I need to keep a TCP connection open. The problem is, how do I secure that to only allow connections from specific IP addresses? We are using Actional Intermediary as the proxy and have Sonic MQ/ESB set up as JMS only.
Regards
Grant
If you are using Linux, it is as simple as setting up a quick iptables rule. If not, you could also speak with your network team; they should be able to ensure only specific IPs or subnets can speak with your machine.
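The iptables approach suggested in the reply above, sketched as an added example that is not part of the original thread: a script that validates a source allowlist and prints the rules for one TCP port. The port 2506, the chain name `SONIC_ALLOW` and the client addresses are assumptions; substitute the port of the legacy TCP acceptor.

```shell
#!/bin/sh
# Added example: print iptables commands that allowlist sources for one TCP port.
# Assumptions (not from the thread): port 2506 for the legacy TCP acceptor,
# chain name SONIC_ALLOW, and the constructed RFC 5737 client addresses below.
CHAIN=SONIC_ALLOW

# Return 0 only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_src() {
    addr=${1%%/*}
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case $bits in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_rules PORT SRC...  -> commands on stdout, non-zero on a bad argument.
gen_rules() {
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;; esac
    [ $# -gt 0 ] || { echo "refusing to emit a deny-all rule set" >&2; return 1; }
    # Validate everything first so a bad entry never yields a partial rule set.
    for src in "$@"; do
        valid_src "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    echo "iptables -A $CHAIN -m limit --limit 5/min -j LOG --log-prefix 'sonic-deny: '"
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain into INPUT last, so it is complete before traffic reaches it.
    echo "iptables -I INPUT -p tcp --dport $port -j $CHAIN"
}

# Constructed sample: one client host and one client subnet.
gen_rules 2506 192.0.2.10 198.51.100.0/24
```

Review the printed commands, then run them as root. IPv6 traffic is filtered separately by ip6tables, so these rules cover IPv4 only.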
Hi,
Thanks for the reply. Unfortunately, I was hoping it wasn't going to be that answer. So I take it there is no "Sonic" way to do it. Shame, as that leaves the endpoints open for connections from any unknown source.
Thanks again
Grant
I am not sure why you are saying the connection is open for unknown sources; I believe you must be using the AOP to allow the connections to the users who can subscribe or publish with the connection. And if you are managing the broker, I am not sure how someone can connect with the Broker or DS without credentials.
I'm more talking about transport security, to be honest. I was looking for ways to protect the broker before the authentication. So it seems the only way to do that is to use Mutual SSL (supported) and potentially a firewall.
Thanks