Default installation accepts service requests and management requests on 8443 and 9443.
The default Gateway configuration listens on port 8080 for standard service requests and port 8443 for encrypted service requests over SSL. Administrative requests from the Policy Manager take place over port 8443. The browser version of the Policy Manager is accessed by either port 8443 or 9443. ... If the default endpoints are changed during configuration of the Gateway, or later by the Policy Manager, the network firewalls must be reconfigured to reflect these changes.
https://docops.ca.com/ca-secure-cloud-for-service-providers/1-57/EN/files/352565916/352565917/1/1427481014139/Layer7_ins…
I would like to isolate service requests and management requests, but I am unable to find documentation on how the default can be changed. Is there additional documentation on how to change the defaults?
Policy Manager can be configured on any secure listen port and a port can be configured to a specific NIC/Interface, thus you should be able to block access to external PM connections. See Listen Port Properties - CA API Gateway - 8.4 - CA Technologies Documentation for the background.
You will need at least two ports with PM access, as you cannot reconfigure a listen port when an active Policy Manager is connected.
If you need assistance setting this up then raise a support case and either myself or one of my colleagues can assist.
Hi bsconsulting,
As Clark said, the listen port property "Policy Manager access" on listen port properties -> [Basic settings] tab will determine if Policy Manager can access the gateway on this port.