Configure the External Communication Channel (ECC) firewall in your MID Server by specifying the custom rules to selectively allow or reject the incoming message and override the Code Signing configuration.

Security administrators can use the ECC firewall tags to override the Code Signing configuration and allow or reject specific operations on MID Server. These custom rules must be specified in the YAML file of the located at: agent/boot-config.yaml.
These tags are specific to a protocol. The configuration specified for the parent tag is applicable to the child tag. For example, if Http protocol is allowed, rest and soap protocols are also allowed. This table outlines the available parents and child tags.
Parent tagChild tag
DNS
HTTP
  • REST
  • SOAP
DIRECTORY_SERVICES LDAP
SNMP
SSH
  • SCP
  • SFTP
SYSLOG
WINDOWS
  • CIM
  • POWERSHELL
  • WMI
  • WINRM
JAVASCRIPT
GROOVY
VCS GIT
DATABASES JDBC
DATA_SOURCES
INTEGRATION_HUB
ITOM
  • CLOUD_PROVISIONING_GOVERNANCE
  • DISCOVERY
  • EVENT_MANAGEMENT
  • HEALTH_LOG_ANALYTICS
  • SERVICE_MAPPING
ORCHESTRATION
To configure the custom rules:
  1. In the MID Server, identify the file boot-config-sample.yaml.
  2. Rename the YAML file to boot-config.yaml and move the file to the location: agent/boot-config.yaml.
  3. In the YAML file, specify the custom rules and save the changes. An example of the YAML file:
    security:​
  eccFirewall:​
    mode: enforcing​
    rules:​
      - tags: [rest]​
        action: accept​
      - tags: [soap]​
        action: accept​
      - tags: [jdbc]​
        action: reject​
  4. Restart the MID Server.