Network ports
The following table explains the default configurations of protocols and ports for different services.
Service | Port | Protocol | Flow | Function | Default state | Port configurable | Notes |
|---|---|---|---|---|---|---|---|
HTTPS | 443 | TCP | Inbound | Management UI | Enabled | Yes | Hardened Apache/Tomcat |
HTTPS | 443 | TCP | Inbound | Log retrieval | Disabled | Yes |
|
HTTPS | 443 | TCP | Outbound | Communication between the following components and systems:
| Enabled | Yes | If the two components using this port are on different sides of a firewall, make sure to allow traffic through the port on your firewall. Use port 4443 for communications between the Cloud Probe and APM Central (if the default ports are in use). |
HTTP | 80 | TCP | Inbound | Redirect to 443 for UI | Enabled | Yes | Hardened Apache/Tomcat |
HTTP | 80 | TCP | Inbound | Log retrieval | Disabled | Yes |
|
SSH (CLI) | 22 | TCP | Inbound | Initial configuration | Disabled | No | Only SSHv2 supported For troubleshooting, the command-line interface (CLI) of all components requires access via port 22 (SSH). |
SNMP | 161 | UDP | Inbound | SNMP polling | Disabled | Yes | v1/v2/v3 supported v3 security optional |
SNMP | 162 | UDP | Outbound | SNMP traps (including communication from the Analyzer to trap-based event integrations with BMC PATROL and BMC ProactiveNet) | Disabled | Yes | v1/v2/v3 supported v3 security optional |
SMTP | 25 | TCP | Outbound | Email alerts/reports | Disabled | Yes | Secure STARTTLS authentication optional |
SMTP | 465 | TCP | Outbound | Email alerts/reports | Disabled | Yes | Secure SMTPS authentication optional |
Syslog | 514 | UDP | Outbound | System events | Disabled | No |
|
NTP | 123 | TCP / UDP | Inbound | Time sync | Disabled | No |
|
LDAP | 389 | TCP | Outbound | LDAP user account authentication | Disabled | Yes | Non-Secure or LDAPS (Secure LDAP, also known as LDAP over SSL) |
RcSP (Record Streaming Protocol)
| 22031 22032 22033 | TCP | Inbound | Network traffic collection by an Analyzer or Monitor
| Enabled | No | TLS/SSLv3 secure RcSP is a BMC proprietary protocol. |
RcSP | 22031 22032 22033 | TCP | Outbound | Send traffic data from an Analyzer or Monitor to the Performance Analytics Engine for processing | Enabled | No | TLS/SSLv3 secure |
Oracle Listener | 1521 | TCP | Inbound | Communication between the Extended Reporting data warehouse (Oracle instance) and the SAP BusinessObjects Central Management Server | Enabled | Yes |
|
NFS / CIFS | 445 | TCP | Inbound | Communication between the Aggregation Server and the Network Attached Storage (NAS) device | Enabled | No |
|
HTTP HTTPS | 8100 8143 | TCP | Inbound | Communication to a Diagnostics Portal from a Diagnostics Collector, Diagnostics Agent, or the AM Console | Enabled | Yes |
|
HTTP HTTPS | 8200 8243 | TCP | Inbound | Communication to a Diagnostics Collector from a Diagnostics Portal or Diagnostics Agent | Enabled | Yes |
|
Related topics
The following topics provide information on how to the configure ports utilized by the APM system components:
- Adding-or-removing-a-component-from-the-Console
- Configuring-LDAP-authentication-for-the-Console
- Configuring-the-local-SNMP-agent
- Configuring-SNMP-traps
- Enabling-email-notification-of-system-alerts-with-SMTP
- HOSTSWRULE-UPDT
- Connecting-SAP-BusinessObjects-to-the-data-warehouse
- Add-a-new-SSL-key-configuration-POST
- Connecting-the-Aggregation-Server-to-a-mail-server-SMTP
- Establishing-traffic-data-feeds-between-an-Analyzer-and-a-Collector
- Modifying-the-Cloud-Probe-configuration
- Changing-Diagnostics-Collector-settings
- Changing-Diagnostics-Portal-settings