TCP Port Requirements and Firewall Exceptions

The following table summarizes the TCP ports that need to be allowed by the firewall in order for the Application Discovery Suite to function as intended.

In all cases, communication is bidirectional. For each of the listed ports, the firewall must allow both the incoming traffic, which represents requests, and the outgoing traffic, which represents the answers to these requests.

Each entry below gives: From (Sender), To (Listener Component), Default Listener Port, and Note.
From (Sender):
  • AD Analyze Clients
  • AD Audit Service
  • AD Batch Server
  • AD Build Client
  • AD Build Configuration
  • AD Catalog
To (Listener Component):
  • Db2® for z/OS®
  • Db2 for LUW (Linux®, UNIX, and Windows)
Default Listener Port:
  • Db2 for z/OS
    • TCP 50000
  • Db2 for LUW (Linux, UNIX, and Windows)
    • TCP 50000 (Db2 11.5.5 and previous versions)
    • TCP 25000 (Db2 11.5.6 and later versions)
Note: For Db2 for LUW (Linux, UNIX, and Windows), you can use the default ports depending on the installed version.

For Db2 for z/OS, ask the Db2 for z/OS database administrator for the correct port number, because Db2 for z/OS might listen on multiple TCP ports for the different Db2 services that it provides.

From (Sender):
  • AD Analyze Clients
  • AD Audit Service
  • AD Batch Server
  • AD Build Client
  • AD Build Configuration
  • AD Catalog
To (Listener Component): SQL Server
Default Listener Port: TCP 1433
Note: The port of the SQL Server Database Engine instance that hosts the AD databases. The majority of the AD components use this port to read data from and write data to the SQL databases.

The default instance of the SQL Server Database Engine listens on TCP port 1433, but the port can be changed with the SQL Server admin tools. Ask your database server administrator which port is used by the SQL Server instance that AD uses. Make sure not to use TCP port 1434, which is used by Dedicated Administration Console (DAC).

From (Sender): The computer where the browser session is opened
To (Listener Component): AD Configuration Server
Default Listener Port: TCP 9443
Note: The port that is used to access the web interface of AD Configuration Server.

The default port is 9443, but it can be changed through Admin UI > Configure > environment > General Settings or by updating the server.xml file in the \IBM AD Web Services\wlp\usr\servers\ad_server folder.

If the web interface is accessed only locally on AD Configuration Server, this port does not have to be opened in the firewall.

From (Sender):
  • AD Analyze Clients
  • AD Batch Server
  • AD Build Client
  • AD Build Configuration
  • AD Validation Server
To (Listener Component): AD Configuration Server
Default Listener Port:
  • TCP 2181
  • TCP 2281 (*)
Note: The port that AD Configuration Server listens on for requests from various AD components that need to obtain the configuration settings from AD Configuration Server.

The default port is 2181, but it can be changed in the server.properties file, which is located in the conf folder where AD Configuration Server is installed.

(*) If the SSL implementation is used, the default port is 2281 and you need to secure Apache ZooKeeper SSL connections. For more information, see Securing Apache ZooKeeper SSL connections.

From (Sender): AD Analyze Clients
To (Listener Component): AD Batch Server
Default Listener Port:
  • TCP 2424 - TCP 2430
  • TCP 2434 - TCP 2440 (*)
Note: The port of the OrientDB database instance that is hosted by AD Batch Server.

AD Analyze Client makes requests to this port for retrieving the data that is related to callgraph analyses.

OrientDB uses the first free TCP port in the range 2424 - 2430. This can be changed in the config/orientdb-server-config.xml file.

(*) If the SSL implementation is used, the default port for OrientDB SSL is 2434. You need to change your port range to 2434-2440 in the config/orientdb-server-config.xml file. For more information, see Configuring OrientDB for SSL/TLS.

From (Sender):
  • AD Build Client
  • AD Build Configuration
To (Listener Component): AD Connect for Mainframe
Default Listener Port: Any available TCP port (no default value)
Note: The port that AD Connect for Mainframe listens on. It is used by AD Build Configuration to retrieve source code information and operational information from the mainframe, and used by AD Build Client to retrieve source code files from the mainframe.

To set or change the port that is used by AD Connect for Mainframe, see the section Configuring the Listener PROC. No default port is specified. Any available port can be selected, for example, port 6000 or port 46000.

After you change this port in AD Connect for Mainframe, the z/OS connection setup needs to be reconfigured to use the new port. To configure the setting, click the zOS tab in the AD Build Configuration tool.

From (Sender): AD Connect for Mainframe
To (Listener Component): AD Validation Service
Default Listener Port: Any available TCP port (no default value)
Note: The port that AD Validation Service listens on for validation requests from AD Connect for Mainframe.

It can be configured in the ServicePort.txt configuration file that is located in the AD Validation Server installation folder. No default port is set. Any available TCP port can be used, for example, port 48000.

AD Validation Service is an optional component. If it is not used, this port does not have to be opened in the firewall.

From (Sender):
  • AD Analyze Clients
  • AD Batch Server
  • AD Build Client
To (Listener Component): AD Audit Service
Default Listener Port:
  • TCP 9080
  • TCP 9443 (*)
Note: The port that AD Audit Service listens on to receive requests from various AD components for logging audit events.

The port number can be changed by altering the httpPort value in the server.xml file. The file is located in the folder of the IBM® Liberty instance that hosts AD Audit Service. After you change this port, make sure to reconfigure the AD components that audit events to use the new port. For more information, see Configuring IBM AD Components to Use the Audit Service.

The AD Audit and AD Catalog services are optional AD components. They are both hosted by the same WebSphere® Liberty instance. If neither of them is used, the port does not have to be opened in the firewall.

(*) If the SSL implementation is used, the default port is 9443.

From (Sender):
  • AD Analyze Clients
  • AD Data Collector
To (Listener Component): AD Catalog Service
Default Listener Port: TCP 9080
Note: The port that AD Catalog Service listens on. This port is used by AD Data Collector to push data into AD Catalog, and it is used by AD Analyze Clients to retrieve the data that is needed for displaying API analyses.

The port number can be changed by altering the httpPort value in the server.xml file. The file is located in the folder of the IBM Liberty instance that hosts AD Catalog Service. After you change this port, make sure to reconfigure AD Data Collector and AD Analyze Client to use the new port. For more information, see Configuring the Data Collector and Configuring IBM AD Analyze Client.

The AD Audit and AD Catalog services are optional AD components. They are both hosted by the same WebSphere Liberty instance. If neither of them is used, the port does not have to be opened in the firewall.

From (Sender):
  • AD File Service
  • AD Analyze Client
  • AD Search Service
  • AD Manual Resolutions Service
  • AD Mainframe Projects Service
  • AD Cross Applications Service
  • Secure Storage
To (Listener Component): Authentication Server (DEX)
Default Listener Port: TCP 7600
Note: The default port on which Authentication Server (DEX) listens for requests is 7600. It can be modified in the conf.yaml file.

From (Sender):
  • (Optional) Authentication Server (DEX)
  • AD Analyze Client
To (Listener Component): AD File Service
Default Listener Port: TCP 7700
Note: The default port on which AD File Service listens for requests is 7700. It can be modified in the conf.yaml file.

From (Sender):
  • (Optional) Authentication Server (DEX)
  • AD Analyze Client
To (Listener Component): AD Search Service
Default Listener Port: TCP 7800
Note: The default port on which AD Search Service listens for requests is 7800. It can be modified in the conf.yaml file.

From (Sender):
  • (Optional) Authentication Server (DEX)
  • AD Analyze Client
  • AD Batch Server
To (Listener Component): AD Manual Resolutions Service
Default Listener Port: TCP 7900
Note: The default port on which AD Manual Resolutions Service listens for requests is 7900. It can be modified in the conf.yaml file.

From (Sender):
  • (Optional) Authentication Server (DEX)
  • AD Analyze Client
  • AD Batch Server
To (Listener Component): AD Mainframe Projects Service
Default Listener Port: TCP 7650
Note: The default port on which AD Mainframe Projects Service listens for requests is 7650. It can be modified in the conf.yaml file.

From (Sender):
  • (Optional) Authentication Server (DEX)
  • AD Analyze Client
  • AD Batch Server
To (Listener Component): AD Cross Applications Service
Default Listener Port: TCP 7850
Note: The default port on which AD Cross Applications Service listens for requests is 7850. It can be modified in the conf.yaml file.

From (Sender): Authentication Server (DEX)
To (Listener Component): AD Analyze Client
Default Listener Port: TCP 9999
Note: The port that is used by Authentication Server (DEX), opened on all Analyze Client machines (in environments using DEX), and used for callback.

Note: Make sure that the firewall does not prevent AD Analyze Client from communicating with AD Batch Server, AD Configuration Server, and the relational database server. Program rules in the firewall might need to be created to allow both the inbound and outbound traffic for the eclipse.exe instance on each AD Analyze Client that is located under the installation folder of your Eclipse or IDz instance.
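One way to verify the firewall exceptions from an AD Analyze Client machine is to attempt a TCP connection to each listener it depends on. The following is an added example, not part of the product or its documentation; the port numbers are the defaults listed above, and the host names and function names are assumptions made for illustration.

```python
import socket

# Default listener ports that AD Analyze Client connects to, per the entries above.
# A service counts as reachable if ANY listed port accepts, because OrientDB binds
# the first free port in 2424-2430. Add Db2, SSL or reconfigured ports per site.
ANALYZE_CLIENT_TARGETS = [
    ("SQL Server", [1433]),
    ("AD Configuration Server", [2181]),
    ("AD Batch Server (OrientDB)", list(range(2424, 2431))),
    ("AD Audit Service", [9080]),
    ("AD Catalog Service", [9080]),
    ("Authentication Server (DEX)", [7600]),
    ("AD File Service", [7700]),
    ("AD Search Service", [7800]),
    ("AD Manual Resolutions Service", [7900]),
    ("AD Mainframe Projects Service", [7650]),
    ("AD Cross Applications Service", [7850]),
]


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False


def check_listeners(hosts, targets=ANALYZE_CLIENT_TARGETS, timeout=1.0):
    """Return {service: first reachable port, or None if none answered}.
    hosts maps service -> host; services absent from hosts are skipped."""
    results = {}
    for service, ports in targets:
        host = hosts.get(service)
        if host is not None:
            results[service] = next(
                (p for p in ports if tcp_open(host, p, timeout)), None)
    return results


if __name__ == "__main__":
    # Constructed host names (assumptions); use your installation's servers.
    sample = {"SQL Server": "sqlhost.example",
              "AD Configuration Server": "adconfig.example"}
    for service, port in check_listeners(sample).items():
        print(service, f"reachable on TCP {port}" if port else "NOT reachable")
```

A result of None means only that no connection was accepted: the firewall may be blocking the port, or the service may be stopped or listening on a non-default port, so confirm on the server itself before changing firewall rules.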