Secure the application server Web container
Secure the transport channel
We secured the transport channel for the Web container already in Secure the transport channel between the Web server and WebSphere. For internal communication between Web and EJB containers, WebSphere uses IIOP, and the internal communication is protected by default when you enable WebSphere Global Security. Because a WebSphere cell is often located behind a second firewall, it is not necessary to protect internal IIOP transport channels, but if we need to do that, refer to 7.5.3, RMI/IIOP transport channel protection.