Remote Code Execution via Unauthenticated JMX/RMI or Java Deserialisation

Article ID: 100046147

Cause

A system server running a JMX/RMI service that does not require users to authenticate.

Resolution

Block access to port 2595 from outside the server while still allowing access from within the server.

Follow steps below to block port 2595:

  1. On the Appliance server, open the Local Security Policy via gpedit.msc.
  2. Under Security Settings, click IP Security Policies on Local Computer.
  3. Double-click New IP Security Policy to create a new policy.
  4. On the General tab, change "Check for policy changes every:" to 10 minutes.
  5. On the Rules tab, click the Add... button and then click Next.
  6. Keep the default selection, All network connections.
  7. Under IP Filter List, click Add... and name the filter list BlockExternal.
  8. Set the Source Address to Any IP Address.
  9. Set the Destination Address to A Specific IP Address or Subnet.
  10. Enter the IP address of the Clearwell server.
  11. Select the protocol type TCP.
  12. Set the IP protocol port to From Any Port and To This Port: 2595.
  13. Click Next and then Finish to save.
  14. In Edit Rule Properties, select the Filter Action tab.
  15. Click Add... and name the filter action EncryptConnection.
  16. Accept the default Negotiate Security and the remaining defaults, then save the Filter Action.
  17. Right-click New IP Security Policy and select Assign.
  18. Restart the Clearwell services.

Access to port 2595 is now blocked from any external IP address, but it remains possible locally on the Clearwell server. Java and Clearwell should operate normally.

Note: In a Distributed Architecture (DA) environment, the Source Address in Step 8 must also be set to a specific IP address or subnet, as in Step 9, so that the other node(s) in the same environment are not taken off-line.
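To confirm the assigned policy behaves as described (blocked from outside, reachable from the Clearwell server itself, and in a DA environment still reachable from peer nodes), the following Python check is an added example, not part of the original article; the vantage-point labels and the `JMX_PORT` constant are this example's own assumptions, and it is run against the Clearwell server's IP from each host in turn.

```python
import socket

JMX_PORT = 2595  # assumed: the JMX/RMI port the IPsec policy blocks


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify how host:port answers a plain TCP connect from this machine.
    'open'     - handshake completed: the listener is reachable from here
    'refused'  - RST came back: nothing listening, or a rejecting filter
    'filtered' - no answer before the timeout: a silent drop, which is how
                 a blocking IPsec filter looks from an outside host
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "filtered"  # e.g. no route: unreachable from this vantage point
    finally:
        s.close()


def policy_holds(vantage: str, status: str) -> bool:
    """True when a probe result matches what the policy should produce.
    vantage: 'server' (run on the Clearwell server), 'peer' (another DA node,
    which the note says must stay allowed) or 'external' (any other host)."""
    if vantage in ("server", "peer"):
        return status == "open"
    if vantage == "external":
        return status in ("refused", "filtered")
    raise ValueError(f"unknown vantage point: {vantage}")


def loopback_demo() -> tuple:
    """Offline demonstration on 127.0.0.1 using an ephemeral port (not 2595):
    a live listener reads as 'open', the same port reads as 'refused' once
    the listener is gone."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_up = probe_tcp("127.0.0.1", port)
    srv.close()
    return while_up, probe_tcp("127.0.0.1", port)


if __name__ == "__main__":
    import sys  # usage: python check_2595.py <clearwell-ip> <server|peer|external>
    host, vantage = sys.argv[1], sys.argv[2]
    status = probe_tcp(host, JMX_PORT)
    ok = policy_holds(vantage, status)
    print(f"{host}:{JMX_PORT} from {vantage}: {status} ->", "as expected" if ok else "POLICY NOT IN EFFECT")
```

Run it once on the server, once on each DA peer node, and once from a host outside the environment; any "POLICY NOT IN EFFECT" line means the filter list or the assignment in Step 17 needs rechecking.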

Issue/Introduction

An unauthenticated JMX/RMI interface was identified as exposed on network interfaces. It also allows arbitrary Java class deserialisation. As a result, it is possible for a knowledgeable attacker to gain administrative privileges, upload malicious MBeans to the JMX server and run arbitrary OS commands.