This documentation refers to a previously released version of BMC Discovery.
See the information on this topic for the latest version (11.2) or version 11.1.

BMC Discovery is built as an appliance that is not intended to have any additional software installed on it, with the single exception of BMC PATROL.

You install BMC PATROL using the BMC Installation Utility. BMC PATROL documentation is available on the BMC documentation portal, along with a selection of PDF documentation including the Installation Utility Reference Manual. You must log in to the BMC documentation portal to view this content.

This section describes the additional steps required to modify the BMC Discovery firewall. If you are unsure of any of the steps described, contact Customer Support.

BMC PATROL requires additional ports to be open in the BMC Discovery firewall. They are:

  • 50001 — required during installation only. Must be closed after installation.
  • 3181 — required during operation of BMC PATROL. 3181 is the default port. If your installation of BMC PATROL uses a custom port, you should open that one instead.
  • 2059 — required during operation of BMC PATROL for connection to BMC Real Time server (RTserver).
  • 3183 — optional during operation of BMC PATROL for connection to BMC Proactive Performance Management (BPPM) Agent.

Any changes to the firewall configuration are reflected in the baseline status. You should rebaseline after making these changes.

Fallback firewall configuration

When BMC Discovery is installed, the default firewall is copied to create a fallback firewall.

IP
version

Default firewall

Fallback firewall

IPv4

/etc/sysconfig/iptables

/etc/sysconfig/iptables.fallback

IPv6

/etc/sysconfig/ip6tables

/etc/sysconfig/ip6tables.fallback

When the iptables or ip6tables services are restarted and the service fails because the default configurations have errors, the service will now attempt to use the appropriate fallback file instead.

To install BMC PATROL on a BMC Discovery system

This procedure provides detailed steps for modifying the BMC Discovery firewall. For the steps concerning the installation of BMC PATROL, you should consult the BMC PATROL documentation.

  1. Back up iptables. As the root user, enter:

    cp /etc/sysconfig/iptables /etc/sysconfig/iptables.backup
  2. Add the following line to /etc/sysconfig/iptables before the lines beginning -A INPUT

    -A INPUT -p tcp -m tcp --dport 50001 -j ACCEPT
  3. Save the changes.
  4. Restart the firewall. Enter:

    /sbin/service iptables restart
  5. Download the BMC PATROL Agent web installer to BMC Discovery.
  6. Run the installer using the serveronly option. Consult the BMC PATROL installation instructions for full information on the installation.
  7. When you have installed BMC PATROL, close port 50001 and open port 3181 (or the custom port that your BMC PATROL installation uses) and port 2059. To do this, replace the line entered to open port 50001 with the following:

    -A INPUT -p tcp -m tcp --dport 3181 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 2059 -j ACCEPT
  8. If you intend to use the BPPM Agent, add the following line:

    -A INPUT -p tcp -m tcp --dport 3183 -j ACCEPT
  9. Save the changes.
  10. Restart the firewall. Enter:

    /sbin/service iptables restart
Was this page helpful? Yes No Submitting... Thank you