Page tree
    Skip to end of metadata
    Go to start of metadata

    This topic lists the default ports and protocols used by the various product components, depending on user roles and permissions.

    The following information is useful for one-time configurations, daily operations, and understanding how various product components communicate with one another. This information can also be used to decide which ports to open, depending on your security requirements. 

    Note

    For a single server deployment, the Indexer and Configuration Database ports are not accessible from other hosts (by default). In this case, you do not need to set up a firewall for these ports.

    Related topics
    FromToDefault PortProtocol
    Daily operations
    CLI/web browserConsole Server9797
    (configurable)
    HTTP
    CLI/web browserConsole Server 9443
    (configurable)
    HTTPS 
    Data collection
    Collection Agent

    Collection Station

    (Configuration Channel)

    8080
    (configurable)
    HTTP
    Collection Agent

    Collection Station

    (Payload Service)

    41414
    (configurable)
    Avro

    Collection Station

    OR

    Collection Agent

    Managed node from which data must be collected remotely

    (Monitor File over SSH and Monitor Script over SSH data collector)

     

    22SSH

    Collection Station

    OR

    Collection Agent

    Managed node from which data must be collected remotely

    (Monitor file over windows share data collector)

    445SMB

    Collection Station

    OR

    Collection Agent

    Managed node from which data must be collected remotely.

    (Remote windows event data collector)

    5985PowerShell Remoting Protocol

    Managed node from which data must be collected remotely

    (TCP/UDP data collector)

    Collection Station

    OR

    Collection Agent

    514

    (Configurable)
    TCP/UDP

    Managed node from which data must be collected remotely

    (HTTP/HTTPS data collector)

    Collection Station

    OR

    Collection Agent

    8888

    (Configurable)
    HTTP/HTTPS

    Internal communications between the product components

    *The following ports are internal and do not require any firewall changes for a single-server deployment.

    Console ServerSearch9797
    (configurable)
    HTTP
    Search9443
    (configurable)
    HTTPS
    Console ServerConfiguration Database9999
    (configurable)
    JDBC
    SearchConfiguration Database9999
    (configurable)
    JDBC
    Collection StationConfiguration Database9999
    (configurable)
    JDBC
    Console ServerIndexer9300
    (configurable)
    TCP
    SearchIndexer9300
    (configurable)
    TCP
    Collection StationIndexer9300
    (configurable)
    TCP
    Console ServerCollection Station

    8080

    (configurable)

    HTTP
    Communication between product components and integrations
    Search

    SMTP server

    (SMTP server used for sending email)

    25SMTP
    Console Server

    SMTP server

    (SMTP server used for sending email)

    25SMTP
    Search

    ProactiveNet server

    (Operations Console)

    80

    (configurable)

    HTTP
    SearchTrueSight Presentation Server

    443

    (configurable)

    HTTPS
    Collection Station

    ProactiveNet server

    (Event management)

    1828
    (configurable)
    TCP
    Search

    ProactiveNet server

    (Event management)

    Console ServerAtrium Single-Sign On server

    8443

    (configurable)

    HTTPS

    Search

    Remedy AR Server

    8008

    (configurable)

    HTTP

    8443

    (configurable)

    HTTPS
    Internal firewalls to be opened for Indexer communications
    Indexer

    Collection Station, Console Server, and Search

    9305 to 93991TCP

    1Note: Ensure that ports 9305, 9306, and 9307 are open. These ports are used in the order in which the Collection Station, Console Server, and Search services are started. Keep in mind, that if the Collection Station, Console Server, and Search components are located on the same host, then all the three ports are used. However, if the components are on separate hosts, then these components might use the same 9305 port.

    Example: On a single server, suppose the Collection Station was started first, followed by the Console Server, and finally followed by the Search component. In this scenario, the ports will be used in the following order:

    • 9305: Used for communicating with the Collection Station.
    • 9306: Used for communicating with the Console Server.
    • 9307: Used for communicating with the Search component.

    You need to ensure that the preceding ports are not in use. If one or more of these ports are already in use, the next available ports will be used. These ports can fall in the range, 9305 to 9399. If you are not sure whether one or more of these ports is in use, you can open all the ports in the available range.

    For more information about the ports required for an HTTPS connection, see the instructions for configuring a secured connection.