Troubleshooting Windows firewall ports
The topics in this section describe how to troubleshoot issues with Microsoft Windows firewall ports.
Application ports that must not be blocked
The following ports must be open on the BMC Network Automation application server:
Service | Protocol | Port or other permission |
---|---|---|
Web, unsecure | TCP | 80 |
Web, secure | TCP | 443 |
FTP | TCP | 20 and 21 |
SCP | TCP | 22 |
SSH | TCP | 4000 |
TFTP | UDP | 69 |
Syslog | UDP | 514 |
Ping | ICMP | Allow inbound and outbound ICMP echo requests and responses |
Note
Some of these ports could have been changed when the product was installed.
The SSH proxy port 4000 could have been changed through the global.properties file settings.
The Syslog port 514 could have been changed through editing of the local device agent.
Unblocking ports
When installing the application server on a Windows platform that uses a firewall, ensure appropriate application ports are not blocked.
To unblock ports in the Windows Firewall that you plan to use in the product, follow the instructions in the following topics.
To allow connections to the TFTP server on Windows while running the firewall
The Windows installation process installs a TFTP server. In the Windows Firewall window, click the Exceptions tab, click Add Program, and then browse to and select C:\Program Files\BMC Software\BCA-Networks\tftpd\TFTPServer.exe.
To allow connections to another FTP server on Windows while running the firewall
These instructions assume that you have already installed a third-party FTP server other than TFTP (see Installing an FTP server on Windows).
In the Windows Firewall window, click the Exceptions tab, click Add Program, and then browse to and select the executable file name of the FTP server. In some cases the FTP server runs under a command interpreter or virtual machine such as the Java Runtime Engine (JRE).
To allow connections to a SSH server on Windows while running the firewall
These instructions assume you have already installed an SSH/SCP server, such as openssh (see Installing an SSH and SCP server on Windows).
- In the Windows Firewall window, click the Exceptions tab, and then click Add Port.
- In the Add a Port screen, enter the name and port number of the server.
- Select the TCP or UDP option.
- Click OK.
To allow connections to the syslog server on Windows while running the firewall
- In the Windows Firewall window, click the Exceptions tab, and then click Add Port.
- Enter the name and port number of the syslog server.
- Select TCP.
- Click OK.
To allow connections to the BMC Network Automation web server on Windows while running the firewall
- In the Windows Firewall window, click the Exceptions tab.
- Click Add Program.
Browse to and select C:\Program Files\BMC Software\BCA-Networks\tomcat\bin\tomcat7.exe.
Note
The BMC Network Automation web server is based on the Apache Tomcat Java servlet engine. The executable name tomcat7.exe can be different in other versions of BMC Network Automation.
Comments