Question & Answer
Question
Answer
Ports used in or by Guardium version 10.x (10.0, 10.1, 10.1.2, 10.1.3, 10.1.4, 10.5, 10.6).
DB Server – Collector
TCP 16016 – UNIX STAP, both directions, registration, heartbeat, and data (including IBM i S-TAP running in PASE)
TCP 16017 – Windows/UNIX CAS, both directions, templates and data
TCP 16018 – UNIX S-TAP (TLS) and External S-TAP, both directions, registration, heartbeat, and data (including IBM i S-TAP running in PASE)
TCP 16019 – Windows/Unix CAS (TLS), both directions, templates and data
TCP 16020 - From STAP agent Clear UNIX STAP connection pooling
TLS 16021 - From STAP agent Encrypted UNIX STAP connection pooling
TCP 9500 – Windows S-TAP, both directions, DB Server to Collector, STAP registration and data
TCP 9501 – Windows S-TAP (TLS), both directions, DB Server to Collector, STAP registration and data
For S-TAP verification, database connection port (as defined in inspection engine) must be open from collector to database server.
Collector – Aggregator (Secure Shell – SSL)
TCP 22 – SSH/SCP data transfers, both directions
TCP 8443 – SSL, both directions
TCP 8444 – SSL, STAP to GIM file upload. Note: For v10.1.3 and above, port 8444 (TLS, not-authenticated), will not be used by GIM clients anymore. This port is dedicated for must gather logger uploads, custom kernel uploads and V9 inspection engine discovery uploads.
TCP 3306 – MySQL, opened to specific sources (for instance, the Central Manager is open to all managed units; a managed unit is open to the Central Manager)
TLS 8447 - Used for remote messaging service infrastructure (and profile distribution infrastructure) for communication between Guardium systems in the federated environment / centrally-managed environment. Configuration profiles allow the definition of configuration and scheduling settings from a Central Manager and conveniently distribute those settings to managed unit groups without altering the configuration of the Central Manager itself.
TCP/TLS 16022/16023 - Universal Feed. 16022 (FAM monitoring, unencrypted) and 16023 (FAM monitoring, encrypted) both need to be open bidirectionally. The sniffer needs the block from 16016 to 16023 open bidirectionally.
18087 - Listener port for FAM on IBM Content Classification (ICM) server located on the same machine where FAM is installed.(serverSettings.icmURL=http://localhost:18087) Open bidirectionally.
Guardium Installation Manager (GIM)
8445 - GIM client listener, both directions, TCP. The GIM client is doing the listening. Any GIM server on either the Central Manager or the collector can reach out to it (the GIM client).
8446 - GIM authenticated TLS, both directions. Use between the GIM client and the GIM server (on the Central Manager or collector). If GIM_USE_SSL is NOT disabled, then the gim_client will attempt to communicate its certificate via port 8446. IF port 8446 is NOT open, then it defaults to 8444, BUT no certificate is passed (for example, TLS without verification).
8081 - To use 8081 for the GIM client to connect to the GIM server, there is a need to disable the GIM_USE_SSL parameter - it is ON by default. This parameter is part of the GIM common parameters in the GUI. If GIM_USE_SSL is NOT disabled, then the gim_client will attempt to communicate its certificate via port 8446. IF port 8446 is NOT open, then it defaults to 8444, BUT no certificate is passed (for example, TLS without verification).
Enterprise load balancer
TLS 8443 - S-TAP load balancer - Needed for UNIX/Linux S-TAPs to communicate instances to the collector. However this port is also used for the Central Manager load balancer. The S-TAP initiates a request to Central Manager (load balancer) on 8443 sending HTTPS message, if installation indicates to use Enterprise load balancer. Between the database server and Central Manager, there will be the capability to use a proxy server, if customer doesn't want an open port directly from database to Central Manager.Quick Search for Enterprise
TCP 9983 - SOLR - Incoming, SSL
User Interface – Guardium System (standalone, aggregator, Central Manager)
TCP 8443 – User to system, GUI connectivity (configurable), both directions
System – SMTP server
TCP 25 – System to SMTP server, email alertsSystem – SNMP server
UDP 162 - System to SNMP server, SNMP traps
System – SYSLOG server
UDP/TCP 514 – Remote syslog message from/to other systems, typically SIEMNote: The local port is 514, but the remote port must be entered into the configuration. If encryption is used, the protocol must be TCP, not UDP.
System – NTP server
TCP/UDP 123 – System to Network Time Protocol ServerSystem – DNS server
TCP/UDP 53 – System to Domain Name ServerSystem – EMC Centera (backups)
TCP 3218 – System to EMC CenteraSystem – Active Directory/LDAP
636 - TCP from appliances Encrypted LDAP, for example, Active Directory via SSL (optional)
System – Mainframe
TCP 16023 - TLS connections, specifically IBM‘s Application Transparent Transport Layer Security (AT-TLS)
Fileserver
TLS 8445 - by default, fileserver uses an encrypted TLS connection= = = = = = = = = = =
v9.x Open Ports
Ports used in or by the Guardium Appliance (Guardium v9.0, 9.1, 9.5)
DB Server – Collector
TCP 16016 – UNIX STAP, both directions, registration, heartbeat, and data (including IBM i
S-TAP running in PASE)
TCP 16017 – Windows/UNIX CAS, both directions, templates and data
TCP 16018 – UNIX S-TAP (TLS), both directions, registration, heartbeat, and data (including IBM i S-TAP running in PASE)
TCP 16019 – Windows/UNIX CAS (TLS), both directions, templates and data
TCP 16020 – UNIX STAP, both directions (for firewall purposes, traffic must be bi-directional if only to push data, so the TCP acknowledgements make it to the database server), S-GATE firewall communications
TCP 16021 – UNIX STAP (TLS), both directions (for firewall purposes, traffic must be bi-directional if only to push data, so the TCP acknowledgements make it to the database server), S-GATE firewall communications
UDP 8075 – Windows STAP, in one direction, Sniffer to STAP
TCP 8081 – GIM, both directions, database server to collector/Central Manager
TCP 9500 – Windows STAP, both directions, DB Server to Collector, STAP registration and data
TCP 9501 – Windows STAP (TLS), both directions, DB Server to Collector, STAP registration and data
Custom ports for the DB server (as defined in the inspection engine), STAP verificationCollector – Aggregator (Secure Shell – SSL)
TCP 22 – Collector to aggregator, SCP data exports, both directions
Central Manager – Managed Devices
TCP 22 – SSH/SCP data transfers, both directions
TCP 8443 – SSL, both directions
TCP 8444 – SSL, STAP to GIM file upload
TCP 3306 – MySQL, opened to specific sources (for instance, the Central Manager is open to all managed units; a managed unit is open to the Central Manager)
User Interface – Guardium Appliance (standalone, aggregator, Central Manager)
TCP 22 – User to appliance, CLI connectivity, both directions
TCP 8443 – User to appliance, GUI connectivity (configurable), both directions
Appliance – SMTP server
TCP 25 – Appliance to SMTP server, email alerts
Appliance – SNMP server
UDP 161 - SNMP client to appliance – SNMP Polling
UDP 162 - Appliance to SNMP server, SNMP traps
Appliance – SYSLOG server
UDP 514 – Remote syslog message from/to other appliances, typically SIEM
Appliance – NTP server
TCP/UDP 123 – Appliance to Network Time Protocol Server
Appliance – DNS server
TCP/UDP 53 – Appliance to Domain Name Server
Appliance – EMC Centera (backups)
TCP 3218 – Appliance to EMC Centera
System – Active Directory/LDAP
636 - TCP from appliances Encrypted LDAP, for example, Active Directory via SSL (optional)
Appliance – Mainframe
TCP 16022 – Connects S-TAP DB2 z/OS, S-TAP IMS, S-TAP VSAM (S-TAP Data Set)
Fileserver
TLS 8445 - By default, fileserver uses an encrypted TLS connection= = = = = = = = = =
Was this topic helpful?
Document Information
Modified date:
16 December 2019
UID
swg21973188