Skip to Content

Networking configuration options for network forwarders and listeners

As a network administrator for BMC Defender Server, you have several configuration options for network forwarders and network listeners to ensure network connections and send and receive messages.

Two-way messaging

A network forwarder sends messages to a remote server. You can Enable Two-Way Messages so that the network connection can also accept messages over the same connection.

If you are using the Automated Response request, you must enable two-way messaging to accept and process messages from the mainframe.


TCP keepalive

TCP keepalive is part of the TCP networking implementation on the operating system. The mechanism helps you quickly detect a network connection issue with a remote server and prevents routers and switches from terminating an idle connection.

You can enable TCP keepalive from a network forwarder, network listener, or both, if the communication protocol is set for TCP or TCP-TLS.

The keepalive mechanism includes several timers to help ensure that you know as soon as possible about any connectivity issues:

  • TCP Keepalive Interval—Timer resets after every message the keepalive receives from the remote server

    If a message hasn't been received within the set time, a message packet is sent to the remote server. The default value is 1,000 milliseconds.
  • TCP Keepalive ACK Timeout—Timer starts after sending a keepalive packet until acknowledgement is received

    If acknowledgement is not received within the set time, the system is notified. The default value is 1,000 milliseconds.
  • TCP Socket Send Timeout—Maximum wait time for a TCP data packet to be sent, used by the operating system networking

    The default value is 1,000 milliseconds.
  • TCP Socket Receive Timeout—Timer starts for an incoming TCP packet until it is fully received

    If the packet is not fully received from the server within the set time, the system is notified. The default value is 1,000 milliseconds.

A network forwarder with TCP keepalive activated and a persistent TCP connection functions like a connection monitor, which can be used for any environment that requires a continuous network connection.


Networking configuration options for a network forwarder
Click to enlarge the image.
netFwd_tcpCommunication.png

Persistent TCP connection

You can establish a Persistent TCP Connection from a network forwarder. The persistent TCP connection immediately establishes a connection with the remote server without sending any messages on that connection. The system receives notifications when the connection is established, disconnected, and reconnected.

For example, you might set this connection to ensure that a backup server is always online and ready for failover.

If you are using the Automated Response request, you must enable a persistent TCP connection.

Message forwarding UDP Port

For a persistent TCP connection, you can designate a Message Forwarding UDP port on the local BMC Defender Server to accept messages to be forwarded. The persistent TCP connection is open in the address space of one process, while a different process filters the Automated Response messages that needs to be sent over this connection. The secondary process sends the message to the designated UDP port, which is then forwarded over the persistent forwarding connection.

Related topics

Setting-up-a-network-forwarder

Setting-up-a-network-listener-to-receive-messages-from-a-remote-server

Initiating-actions-with-Automated-Response-alerts

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Defender SIEM Correlation Server 6.2