Db2 for z/OS & Db2ZAI

 View Only

 Is it possible to disable the non-SSL DDF port without stop start of DB2 member.

Leo de Jong's profile image
Leo de Jong posted Thu August 07, 2025 10:23 AM

Hi all,

Our security officer require us to disable all the non-SSL DB2 ports.
According the manual, the standard procedure is to stop the DB2 (member), run DSNJU004 and set the default port equal to the SECPORT value.

But from operational point of view it would be handy to do this online.
I all ready tried to remove the port reservation in TCP/Ip but then DDF will not start up at all.

Any ideas?


Leo de Jong
Db2 sysprog @ Rabobank

Mike Brauweiler's profile image
Mike Brauweiler posted Fri August 08, 2025 08:56 AM

Have you tried -MODIFY DDF PORT(1.2.3.4) SECPORT(5.6.7.8)  ?

Soledad Martinez's profile image
Soledad Martinez IBM Champion posted Tue August 12, 2025 08:04 AM

Hello Leo, 

I am not 100% sure and cannot test that, but I would give a try to stop just the DDF, not the member and try it with a MODIFY DDF as Mike told you. Did you try it?

I did something similar with the ALIAS at a Data Sharing, and for being able to do it I had to STOP the ALIAS first. These are my notes when I remove the nonsecure port from an alias and letting just the Secure one:

1.       DB2J DIS DDF DETAIL             

2.       DB2J modify ddf alias(D2TALIA1) STOP   

3.       DB2J modify ddf alias(D2TALIA1) NPORT          

4.       DB2J modify ddf alias(D2TALIA1) START

5.       DB2J DIS DDF DETAIL  

And this screenshot explaning to myself why I had to stop the ALIAS

DSNL313I - IBM Documentation

I know you were not asking this but just in case it helps.

Thanks,

 

Related Content