Planning firewall access
Determine which firewalls are in place and which ports must be open for the Tivoli® Storage Manager solution to work.
Table 1 describes the ports that are used by the server, client, and Operations Center.
| Item | Default | Direction | Description |
|---|---|---|---|
| Base port (TCPPORT) | 1500 | Outbound / Inbound | Each server instance requires a unique TCP port. You can specify an alternative TCP port number. You can use the TCPADMINPORT option and ADMINONCLIENTPORT option to set TCP port values. |
| SSL Base Port (SSLTCPPORT) | No default | Outbound / Inbound | This port is used only if SSL communication is enabled. A server can support both SSL and non-SSL communication if both TCPPORT and SSLTCPPORT are specified. |
| SMB | 45 | Inbound / Outbound | This port is used by configuration wizards that communicate by using native protocols with multiple hosts. |
| SSH | 22 | Inbound / Outbound | This port is used by configuration wizards that communicate by using native protocols with multiple hosts. |
| SMTP | 25 | Outbound | This port is used to send email alerts from the server. |
| NDMP | No default | Inbound / Outbound | The server must be able to open an outbound NDMP control port connection to the NAS device. The outbound control port is the Low-Level Address in the data mover definition for the NAS device. During an NDMP filer-to-server restore, the server must be able to open an outbound NDMP data connection to the NAS device. The data connection port that is used during a restore can be configured on the NAS device. During NDMP filer-to-server backups, the NAS device must be able to open outbound data connections to the server and the server must be able to accept inbound NDMP data connections. You can use the server option NDMPPORTRANGE to restrict the set of ports available for use as NDMP data connections. You can configure a firewall for connections to these ports. |
| Replication | No default | Outbound / Inbound | The port and protocol for the outbound port for replication are set by the DEFINE SERVER command that is used to set up replication. The inbound ports for replication are the TCP ports and SSL ports that the source server names in the DEFINE SERVER command. |
| Client schedule port | Client port: 1501 | Outbound | The client listens on the port that is named and communicates the port number to the server. The server contacts the client if server-prompted scheduling is used. You can specify an alternative port number in the client options file. |
| Long running sessions | KEEPALIVE setting: YES | Outbound | When the KEEPALIVE option is enabled, keepalive packets are sent during client-server sessions to prevent the firewall software from closing long-running, inactive connections. |
| Operations Center | HTTPS: 11090 | Inbound | These ports are used for the Operations Center web browser. You can specify an alternative port number. |
| Client management service port | Client port: 9028 | Inbound | The client management service port must be accessible from the Operations Center. Ensure that no firewall prevents connections to this port. To authenticate, the client management service uses an administrative session on the TCP port of the server for the client node. |
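
The following added example (not part of the IBM documentation) derives the flows in Table 1 for a single server host and checks a constructed firewall policy for required flows that are blocked and for allow rules that serve none of them. It assumes that the Operations Center runs on the same host and leaves out the SMB and SSH wizard ports and the client-side port 9028; the function names, the SSLTCPPORT value 1543, and the NDMP range are hypothetical.

```python
# Added example, not IBM code. Defaults come from Table 1; SSLTCPPORT, the NDMP
# ports and every firewall rule below are constructed, site-specific values.

def required_flows(tcpport=1500, ssltcpport=None, ndmp_range=None,
                   ndmp_control=None, sched_port=1501, oc_https=11090, smtp=25):
    """Return the set of (direction, port) flows the server host needs."""
    flows = {("in", tcpport), ("out", tcpport)}        # base port (TCPPORT)
    if ssltcpport is not None:                          # used only when SSL is enabled
        flows |= {("in", ssltcpport), ("out", ssltcpport)}
    flows |= {("out", smtp),                            # email alerts
              ("out", sched_port),                      # server-prompted scheduling
              ("in", oc_https)}                         # Operations Center browser
    if ndmp_control is not None:                        # Low-Level Address of the NAS
        flows.add(("out", ndmp_control))
    if ndmp_range is not None:                          # NDMPPORTRANGE bounds, inclusive
        low, high = ndmp_range
        flows |= {("in", p) for p in range(low, high + 1)}
    return flows

def audit(rules, required):
    """Compare allow rules (direction, low, high) with the required flows.

    Returns (missing, unused): required flows that no rule permits, and rules
    that permit none of the required flows.
    """
    def covers(rule, flow):
        direction, low, high = rule
        return direction == flow[0] and low <= flow[1] <= high
    missing = sorted(f for f in required if not any(covers(r, f) for r in rules))
    unused = sorted(r for r in rules if not any(covers(r, f) for f in required))
    return missing, unused

# Constructed firewall policy for one server host.
SAMPLE_RULES = [
    ("in", 1500, 1500), ("out", 1500, 1500),
    ("in", 11090, 11090), ("out", 25, 25),
    ("in", 10000, 10010),          # NDMP data connections
    ("in", 23, 23),                # stale rule, not in Table 1
]

if __name__ == "__main__":
    need = required_flows(ssltcpport=1543, ndmp_range=(10000, 10010))
    missing, unused = audit(SAMPLE_RULES, need)
    print("missing:", missing)
    print("unused:", unused)
```

Unused rules are candidates for removal, and missing flows show where a session, alert, or scheduled contact would be dropped by the firewall.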