Technote (FAQ)
Question
What ports do I need to open on my firewall for the TSOM components' successful connectivity?
Cause
A common symptom is the message "Authorization Error: No connection exists".
Answer
If a firewall in your enterprise sits between any of the following TSOM components:
- end user's workstation <-> CMS
- CMS <-> EAM
- EAM <-> UCM
then some ports must be opened to allow connections and data transfer between them.
Between the end user's workstation and CMS, ports 2468 and 9997 need to be opened. Port 2468 is the command channel and port 9997 is the data channel. For HTTP or HTTPS connections, you also need to open either port 8080 (HTTP) or 8448 (HTTPS).
Between the CMS and EAM, ports 2468 and 3579 must be opened. Port 2468 is the command channel and port 3579 is the data channel.
Between the EAM and UCM, the default ports are 16001 (encrypted) or 16002 (unencrypted). These defaults can be changed, so refer to ucm.cfg for the port actually in use, which is set by this parameter:
ucm.conduit.port = 16002
If you want this port open in one direction only, configure your router or firewall to allow packets inbound to the EAM, which listens on port 16002. Here is netstat output from a Linux EAM:
# netstat -an | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
.
.
tcp 0 0 :::16001 :::* LISTEN
tcp 0 0 :::16002 :::* LISTEN
The output shows that the EAM is listening on ports 16001 and 16002.
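The following shell functions are an added example, not IBM code: they read ucm.conduit.port from a copy of ucm.cfg and check `netstat -an` output on the EAM for a TCP listener on that port, so the firewall rule can be matched to the port really in use. The function names, the "key = value" parsing, and the treatment of '#' lines as comments are assumptions.

```shell
#!/bin/sh
# Added example (not IBM code): confirm that the conduit port configured in
# ucm.cfg is one the EAM is actually listening on.

# Print the value of ucm.conduit.port from a ucm.cfg-style file.
# Assumes "key = value" lines as shown on the page; lines starting with '#'
# are treated as comments (an assumption about the file format).
conduit_port() {
    awk -F= '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "ucm.conduit.port" { val = $2; gsub(/[ \t\r]/, "", val); port = val }
        END { if (port ~ /^[0-9]+$/) print port; else exit 1 }
    ' "$1"
}

# Read `netstat -an` output on stdin; succeed only if a TCP socket is in the
# LISTEN state on the given port. Handles ":::16002" and "0.0.0.0:16002".
listening_on() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, parts, ":")      # port is the last colon-separated field
            if (parts[n] == port) found = 1
        }
        END { exit !found }
    '
}

# Run on the EAM host with a copy of the UCM's ucm.cfg:
#   check_conduit /path/to/ucm.cfg
check_conduit() {
    port=$(conduit_port "$1") || { echo "ucm.conduit.port not found in $1" >&2; return 2; }
    if netstat -an | listening_on "$port"; then
        echo "EAM is listening on conduit port $port"
    else
        echo "nothing listening on conduit port $port" >&2
        return 1
    fi
}
```

A return code of 1 from check_conduit means the configured port and the EAM's listeners disagree, which is worth resolving before changing any firewall rule.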
Historical Number
92077
000
613
Product Alias/Synonym
TSOM Tivoli Security Operations Manager