Specify custom rules in ECC firewall

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Configure the External Communication Channel (ECC) firewall in your MID Server by specifying the custom rules to selectively allow or reject the incoming message and override the Code Signing configuration.

    Security administrators can use the ECC firewall tags to override the Code Signing configuration and allow or reject specific operations on MID Server. These custom rules must be specified in the YAML file of the located at: agent/boot-config.yaml.
    These tags are specific to a protocol. The configuration specified for the parent tag is applicable to the child tag. For example, if Http protocol is allowed, rest and soap protocols are also allowed. This table outlines the available parents and child tags.
    Parent tag Child tag
    DNS
    HTTP
    • REST
    • SOAP
    DIRECTORY_SERVICES LDAP
    SNMP
    SSH
    • SCP
    • SFTP
    SYSLOG
    WINDOWS
    • CIM
    • POWERSHELL
    • WMI
    • WINRM
    JAVASCRIPT
    GROOVY
    VCS GIT
    DATABASES JDBC
    DATA_SOURCES
    INTEGRATION_HUB
    ITOM
    • CLOUD_PROVISIONING_GOVERNANCE
    • DISCOVERY
    • EVENT_MANAGEMENT
    • HEALTH_LOG_ANALYTICS
    • SERVICE_MAPPING
    ORCHESTRATION
    To configure the custom rules:
    1. In the MID Server, identify the file boot-config-sample.yaml.
    2. Rename the YAML file to boot-config.yaml and move the file to the location: agent/boot-config.yaml.
    3. In the YAML file, specify the custom rules and save the changes. An example of the YAML file:
      security:​
  eccFirewall:​
    mode: enforcing​
    rules:​
      - tags: [rest]​
        action: accept​
      - tags: [soap]​
        action: accept​
      - tags: [jdbc]​
        action: reject​
    4. Restart the MID Server.