Page tree
Skip to end of metadata
Go to start of metadata

This topic lists the default ports and protocols used by the various product components, depending on user roles and permissions.

The following information is useful for one-time configurations, daily operations, and understanding how various product components communicate with one another. This information can also be used to decide which ports to open, depending on your security requirements. 

Note

For a single server deployment, the Indexer and Configuration Database ports are not accessible from other hosts (by default). In this case, you do not need to set up a firewall for these ports.

Related topics
FromToDefault PortProtocol
Daily operations
CLI/web browserConsole Server9797
(configurable)
HTTP
CLI/web browserConsole Server 9443
(configurable)
HTTPS 
Data collection
Collection Agent

Collection Station

(Configuration Channel)

8080
(configurable)
HTTP
Collection Agent

Collection Station

(Payload Service)

41414
(configurable)
Avro

Collection Station

OR

Collection Agent

Managed node from which data must be collected remotely

(Monitor File over SSH and Monitor Script over SSH data collector)

 

22SSH

Collection Station

OR

Collection Agent

Managed node from which data must be collected remotely

(Monitor file over windows share data collector)

445SMB

Collection Station

OR

Collection Agent

Managed node from which data must be collected remotely.

(Remote windows event data collector)

5985PowerShell Remoting Protocol

Managed node from which data must be collected remotely

(TCP/UDP data collector)

Collection Station

OR

Collection Agent

514

(Configurable)
TCP/UDP

Managed node from which data must be collected remotely

(HTTP/HTTPS data collector)

Collection Station

OR

Collection Agent

8888

(Configurable)
HTTP/HTTPS

Internal communications between the product components

*The following ports are internal and do not require any firewall changes for a single-server deployment.

Console ServerSearch9797
(configurable)
HTTP
Search9443
(configurable)
HTTPS
Console ServerConfiguration Database9999
(configurable)
JDBC
SearchConfiguration Database9999
(configurable)
JDBC
Collection StationConfiguration Database9999
(configurable)
JDBC
Console ServerIndexer9300
(configurable)
TCP
SearchIndexer9300
(configurable)
TCP
Collection StationIndexer9300
(configurable)
TCP
Console ServerCollection Station

8080

(configurable)

HTTP
Communication between product components and integrations
Search

SMTP server

(SMTP server used for sending email)

25SMTP
Console Server

SMTP server

(SMTP server used for sending email)

25SMTP
Search

ProactiveNet server

(Operations Console)

80

(configurable)

HTTP
SearchTrueSight Presentation Server

443

(configurable)

HTTPS
Collection Station

ProactiveNet server

(Event management)

1828
(configurable)
TCP
Search

ProactiveNet server

(Event management)

Console ServerAtrium Single-Sign On server

8443

(configurable)

HTTPS

Search

Remedy AR Server

8008

(configurable)

HTTP

8443

(configurable)

HTTPS
Internal firewalls to be opened for Indexer communications
Indexer

Collection Station, Console Server, and Search

9305 to 93991TCP

1Note: Ensure that ports 9305, 9306, and 9307 are open. These ports are used in the order in which the Collection Station, Console Server, and Search services are started. Keep in mind, that if the Collection Station, Console Server, and Search components are located on the same host, then all the three ports are used. However, if the components are on separate hosts, then these components might use the same 9305 port.

Example: On a single server, suppose the Collection Station was started first, followed by the Console Server, and finally followed by the Search component. In this scenario, the ports will be used in the following order:

  • 9305: Used for communicating with the Collection Station.
  • 9306: Used for communicating with the Console Server.
  • 9307: Used for communicating with the Search component.

You need to ensure that the preceding ports are not in use. If one or more of these ports are already in use, the next available ports will be used. These ports can fall in the range, 9305 to 9399. If you are not sure whether one or more of these ports is in use, you can open all the ports in the available range.

For more information about the ports required for an HTTPS connection, see the instructions for configuring a secured connection.