What ports do I need to open on my firewall for the TSOM components' successful connectivity?
A common symptom is the message "Authorization Error: No connection exists".
If a firewall in your enterprise sits between any of these pairs of TSOM components:
- end user's workstation <-> CMS
- CMS <-> EAM
- EAM <-> UCM
then some ports need to be opened so that the components can connect and transfer data.
Between the end user's workstation and CMS, ports 2468 and 9997 need to be opened. Port 2468 is the command channel and port 9997 is the data channel. In addition, for HTTP or HTTPS connections, you need to open either port 8080 (HTTP) or 8448 (HTTPS).
Between the CMS and EAM, ports 2468 and 3579 must be opened. Port 2468 is the command channel and port 3579 is the data channel.
Between the EAM and UCM, the default ports are 16001 (encrypted) or 16002 (unencrypted). However, the port can be changed, so check ucm.cfg for the value actually in use. It is set by this parameter:
ucm.conduit.port = 16002
If you want to open this port in one direction only, configure your router or firewall to allow inbound packets to the EAM, which listens on port 16002. Here is netstat output from a Linux EAM:
# netstat -an | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::16001 :::* LISTEN
tcp 0 0 :::16002 :::* LISTEN
The output shows that the EAM is listening on ports 16001 and 16002.
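The check described above can be scripted so that the port in ucm.cfg is compared against what the EAM actually listens on before a firewall rule is requested. This is an added example, not IBM's code; the function names are hypothetical and the sample inputs are constructed from the values shown on this page.

```shell
#!/bin/sh
# Constructed sample inputs, using the values shown on this page.
SAMPLE_CFG='ucm.conduit.port = 16002'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 :::16001 :::* LISTEN
tcp 0 0 :::16002 :::* LISTEN'

# Print the ucm.conduit.port value from ucm.cfg text on stdin (last one wins).
conduit_port() {
    sed -n 's/^[[:space:]]*ucm\.conduit\.port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' | tail -n 1
}

# Succeed if "netstat -an" text on stdin shows a TCP listener on port $1.
is_listening() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":")          # port is the last ":"-separated field
            if (a[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Label the port using the defaults named on this page.
channel_kind() {
    case "$1" in
        16001) echo encrypted ;;
        16002) echo unencrypted ;;
        *)     echo custom ;;
    esac
}

# Hypothetical helper: $1 = ucm.cfg text, $2 = netstat -an text from the EAM.
check_conduit() {
    port=$(printf '%s\n' "$1" | conduit_port)
    [ -n "$port" ] || { echo "no ucm.conduit.port found"; return 2; }
    if printf '%s\n' "$2" | is_listening "$port"; then
        echo "port $port ($(channel_kind "$port")): EAM is listening"
    else
        echo "port $port ($(channel_kind "$port")): no listener on EAM"
        return 1
    fi
}

check_conduit "$SAMPLE_CFG" "$SAMPLE_NETSTAT"
```

On a real system, pass the contents of ucm.cfg and the output of netstat -an from the EAM in place of the two sample variables; a result labelled "unencrypted" means the conduit traffic crossing the firewall is in the clear.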
TSOM Tivoli Security Operations Manager