TCP Port Requirements and Firewall Exceptions
The following table summarizes the TCP ports that need to be allowed by the firewall in order for the Application Discovery Suite to function as intended.
In all cases, communication is bidirectional. The firewall must allow both the incoming traffic on the listed ports, which carries the requests, and the outgoing traffic, which carries the answers to these requests.
From (Sender) | To (Listener Component) | Default Listener Port | Note |
---|---|---|---|
| | | | For Db2 for LUW (Linux, UNIX, and Windows), you can use the default ports depending on the installed version. |
| | SQL Server | TCP 1433 | The port of the SQL Server Database Engine instance that hosts the AD databases. The majority of the AD components use this port to read/write data from/into the SQL databases. The default instance of the SQL Server Database Engine listens on TCP port 1433, but it can be changed via SQL Server admin tools. Ask your database server administrator what port is used by the SQL Server instance that is used by AD. Make sure not to use TCP port 1434, which is used by Dedicated Administration Console (DAC). |
The computer where the browser session is opened | IBM AD Configuration Server | TCP 9443 | The port that is used to access the web interface of IBM AD Configuration Server. The default port is 9443, but it can be changed through the server.xml file in the \IBM AD Web Services\wlp\usr\servers\ad_server folder. or by updating the If the web interface is accessed only locally on IBM AD Configuration Server, this port does not have to be opened in the firewall. |
| | IBM AD Configuration Server | | The port that IBM AD Configuration Server listens on for requests from various AD components that need to obtain the configuration settings from IBM AD Configuration Server. The default port is 2181, but it can be changed through the Admin UI. |
IBM AD Analyze Client | IBM AD Batch Server | | The port of the OrientDB database instance that is hosted by IBM AD Batch Server. IBM AD Analyze Client makes requests to this port for retrieving the data that is related to callgraph analyses. The default port is 2424, but it can be changed through the Admin UI. |
| | IBM AD Connect for Mainframe | Any available TCP port (no default value) | The port that IBM AD Connect for Mainframe listens on. It is used by IBM AD Build Configuration to retrieve source code information and operational information from the mainframe, and used by IBM AD Build Client to retrieve source code files from the mainframe. To set or change the port that is used by IBM AD Connect for Mainframe, see section Configuring the Listener PROC. There is no default port that is specified. Any available port can be selected. For example, port 6000 or port 46000. After you change this port in IBM AD Connect for Mainframe, the z/OS® connection setup needs to be reconfigured to use the new port. To configure the setting, click the zOS tab in the IBM AD Build Configuration tool. |
IBM AD Connect for Mainframe | IBM AD Validation Service | Any available TCP port (no default value) | The port that IBM AD Validation Service listens on for validation requests from IBM AD Connect for Mainframe. It can be configured in the ServicePort.txt configuration file that is located in the IBM AD Validation Service installation folder. No default port is set. Any available TCP port can be used. For example, port 48000. IBM AD Validation Service is an optional component. If it is not used, this port does not have to be opened in the firewall. |
| | IBM AD Audit Service | | The port that IBM AD Audit Service listens on to receive requests from various AD components for logging audit events. The port number can be changed by altering the httpPort value in the server.xml file. The file is located in the folder of the IBM Liberty instance that hosts IBM AD Audit Service. After you change this port, make sure to reconfigure the AD components that audit events to use the new port. For more information, see Configuring IBM AD Components to Use the Audit Service. The IBM AD Audit Service and IBM AD Catalog Service are optional AD components. They are both hosted by the same WebSphere® Liberty instance. If neither of them is used, the port does not have to be opened in the firewall. (*) If the SSL implementation is used, the default port is 9443. |
| | IBM AD Catalog Service | TCP 9080 | The port that IBM AD Catalog Service listens on. This port is used by IBM AD Data Collector to push data into IBM AD Catalog Service, and it is used by IBM AD Analyze Client to retrieve the data that is needed for displaying API analyses. The port number can be changed by altering the httpPort value in the server.xml file. The file is located in the folder of the IBM Liberty instance that hosts IBM AD Catalog Service. After you change this port, make sure to reconfigure IBM AD Data Collector and IBM AD Analyze Client to use the new port. For more information, see Configuring the Data Collector and Configuring IBM AD Analyze Client. The IBM AD Audit Service and IBM AD Catalog Service are optional AD components. They are both hosted by the same WebSphere Liberty instance. If neither of them is used, the port does not have to be opened in the firewall. |
| | Authentication Server (DEX) | TCP 7600 | The default port on which Authentication Server (DEX) listens for requests is 7600. It can be modified in the conf.yaml file. |
| | IBM AD File Service | TCP 7700 | The default port on which IBM AD File Service listens for requests is 7700. It can be modified in the conf.yaml file. |
| | IBM AD Search Service | TCP 7800 | The default port on which IBM AD Search Service listens for requests is 7800. It can be modified in the conf.yaml file. |
| | IBM AD Manual Resolutions Service | TCP 7900 | The default port on which AD Manual Resolutions Service listens for requests is 7900. It can be modified in the conf.yaml file. |
| | IBM AD Mainframe Projects Service | TCP 7650 | The default port on which IBM AD Mainframe Projects Service listens for requests is 7650. It can be modified in the conf.yaml file. |
| | IBM AD Cross Applications Service | TCP 7850 | The default port on which IBM AD Cross Applications Service listens for requests is 7850. It can be modified in the conf.yaml file. |
Authentication Server (DEX) | IBM AD Analyze Client | TCP 55555 | The port that is used by Authentication Server (DEX), opened on all Analyze Client machines (in environments using DEX), and used for callback. |
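
Several listeners in the table (the IBM AD Configuration Server web interface, IBM AD Audit Service, IBM AD Catalog Service) take their port from a Liberty server.xml file, so a changed port can drift away from the firewall exception. The following is an added example, not IBM's code: it reads the httpEndpoint elements of a server.xml and reports listeners the firewall does not cover and exceptions that no longer match a listener. The sample XML, the `${audit.http.port}` variable and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Liberty server.xml; real files carry more elements.
SAMPLE_SERVER_XML = """<server description="ad_server">
  <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="-1" httpsPort="9444"/>
  <httpEndpoint id="internal" host="localhost" httpPort="${audit.http.port}"/>
</server>"""


def liberty_listener_ports(server_xml_text):
    """Return (ports, unresolved) declared by httpEndpoint elements.

    ports: (endpoint id, attribute, port) for each enabled listener.
    unresolved: (endpoint id, attribute, raw value) entries that need a manual
    look, such as ${variable} references defined elsewhere.
    """
    root = ET.fromstring(server_xml_text)
    ports, unresolved = [], []
    for ep in root.iter("httpEndpoint"):
        ep_id = ep.get("id", "<no id>")
        for attr in ("httpPort", "httpsPort"):
            raw = ep.get(attr)
            if raw is None:
                continue
            try:
                port = int(raw)
            except ValueError:
                unresolved.append((ep_id, attr, raw))
                continue
            if port == -1:  # Liberty treats -1 as "listener disabled"
                continue
            ports.append((ep_id, attr, port))
    return ports, unresolved


def firewall_drift(server_xml_text, allowed_tcp_ports):
    """Compare configured listeners with the ports the firewall exception covers."""
    ports, unresolved = liberty_listener_ports(server_xml_text)
    configured = {port for _, _, port in ports}
    allowed = set(allowed_tcp_ports)
    return {
        "blocked_listeners": sorted(configured - allowed),  # listener, no rule
        "stale_exceptions": sorted(allowed - configured),   # rule, no listener
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    # 9443 is the documented default; the constructed sample moved HTTPS to 9444.
    print(firewall_drift(SAMPLE_SERVER_XML, allowed_tcp_ports={9443}))
```

A stale exception is worth closing even when everything works, because it leaves a port open in the firewall that no AD component is expected to answer on.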