Open Ports Needed By TSOM

Technote (FAQ)


What ports do I need to open on my firewall for the TSOM components' successful connectivity?


A common symptom is the message "Authorization Error: No connection exists"


In your enterprise, if a firewall exists between any of the TSOM components,

  • end user's workstation <-> CMS
  • CMS <-> EAM
  • EAM <-> UCM

some ports need to be opened to enable a successful connection and transfer of data.

Between the end user's workstation and CMS, ports 2468 and 9997 need to be opened. Port 2468 is the command channel and port 9997 is the data channel. Also, for http or https connections, you need to open either port 8080 (http) or 8448 (https).

Between the CMS and EAM, ports 2468 and 3579 must be opened. Port 2468 is the command channel and port 3579 is the data channel.

Between the EAM and UCM, the default ports are 16001 (encrypted) or 16002 (unencrypted). However, this can be changed, so refer to the ucm.cfg for the correct port, found in this parameter:

    ucm.conduit.port = 16002

If you only wish to configure this port to be open one way, configure your router or firewall to receive packets on the EAM, which listens on port 16002. Here is netstat output from a Linux EAM:
    # netstat -an | more
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address        Foreign Address             State

    tcp        0      0 :::16001             :::*                 LISTEN
    tcp        0      0 :::16002             :::*                 LISTEN

You can see here, the EAM is listening on ports 16001 and 16002.

Historical Number


Product Alias/Synonym

TSOM Tivoli Security Operations Manager

Document information

More support for:

Tivoli Security Operations Manager
Central Management

Software version:

4.1, 4.1.1

Operating system(s):

AIX, Linux, Solaris, Windows

Reference #:


Modified date:


Translate my page

Content navigation