Installing BMC PATROL on a BMC Discovery system
You install BMC PATROL using the BMC Installation Utility. BMC PATROL documentation, including the Installation Reference Manual, is available on the BMC PATROL documentation portal. You must log in to the BMC documentation portal to view this content.
This section describes the additional steps required to modify the BMC Discovery firewall. If you are unsure of any of the steps described, contact Customer Support.
BMC PATROL requires additional ports to be open in the BMC Discovery firewall. They are:
- 50001 — required during installation only. Must be closed after installation.
- 3181 — required during operation of BMC PATROL. 3181 is the default port. If your installation of BMC PATROL uses a custom port, you should open that one instead.
- 2059 — required during operation of BMC PATROL for connection to BMC Real Time server (RTserver).
- 3183 — optional during operation of BMC PATROL for connection to BMC Proactive Performance Management (BPPM) Agent.
Any changes to the firewall configuration are reflected in the baseline status. You should re-baseline after making these changes.
Fallback firewall configuration
When BMC Discovery is installed, the default firewall is copied to create a fallback firewall.
| IP  | Default firewall | Fallback firewall | 
|---|---|---|
| IPv4 | /etc/sysconfig/iptables | /etc/sysconfig/iptables.fallback | 
| IPv6 | /etc/sysconfig/ip6tables | /etc/sysconfig/ip6tables.fallback | 
When the iptables or ip6tables services are restarted and the service fails because the default configurations have errors, the service will now attempt to use the appropriate fallback file instead.
To modify the BMC Discovery firewall to work with BMC PATROL
This procedure provides detailed steps for modifying the BMC Discovery firewall. For the steps concerning the installation of BMC PATROL, you should consult the BMC PATROL documentation.
- Back up iptables. As the root user, enter: cp /etc/sysconfig/iptables /etc/sysconfig/iptables.backup
- Add the following line to /etc/sysconfig/iptables before the lines beginning -A INPUT -A INPUT -p tcp -m tcp --dport 50001 -j ACCEPT
- Save the changes.
- Restart the firewall. Enter: /bin/systemctl restart iptables.service
- Download the BMC PATROL Agent web installer to BMC Discovery.
- Run the installer using the serveronly option. Consult the BMC PATROL installation instructions for full information on the installation.
- When you have installed BMC PATROL, close port 50001 and open port 3181 (or the custom port that your BMC PATROL installation uses) and port 2059. To do this, replace the line entered to open port 50001 with the following: -A INPUT -p tcp -m tcp --dport 3181 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 2059 -j ACCEPT
- If you intend to use the BPPM Agent, add the following line: -A INPUT -p tcp -m tcp --dport 3183 -j ACCEPT
- Save the changes.
- Restart the firewall. Enter: /bin/systemctl restart iptables.service
