IBM Support

QRadar: Forensics appliance common opened ports

Troubleshooting


Problem

This technote lists the ports required for PCAP appliance operation.

Resolving The Problem

These TCP ports are required for external access on a PCAP Master Appliance:

Table 1. PCAP Master ports that are required.

| Port | Services and Protocols |
|------|------------------------|
| 4477 | SSH |
| 443 | PCAP REST API access |
| 41390 | Web UI access |
| 41392 | PCAP REST API access |

In a cluster where a Data Node is installed, these TCP ports must be opened for the Data Node to access a PCAP Master Appliance:

Table 2. PCAP Data Node ports that are required.

| Port | Services and Protocols |
|------|------------------------|
| 41391, 41393 - 41396 | Data Node sends node status, license information, system usage information, search lists, and search data |
| 41500 | Data Node sends status, license information, system usage information, search lists, and search data |
| 4477 | SSH |
| 5000 - 5021 | PCAP Master sends PCAP data and status requests to the Data Node |

Note: All ports that are listed in Table 2 are communication ports between the PCAP Master appliance and the PCAP Data Node. On a PCAP Data Node, these ports should be open only to the PCAP Master Appliance.
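One way to check the restriction in the note above, as an added example that is not part of the IBM technote: the script audits a list of firewall allow rules and reports any rule that opens a Table 2 port to a source other than the PCAP Master. The `(source, ports)` rule format, the function names, and the addresses (documentation ranges) are assumptions made for this example.

```python
import ipaddress

# Table 2 ports, copied from the technote.
TABLE2_SPEC = "41391, 41393 - 41396, 41500, 4477, 5000 - 5021"


def parse_ports(spec):
    """Expand text such as '41391, 41393 - 41396' into a set of port numbers."""
    ports = set()
    for item in spec.split(","):
        lo, _, hi = item.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit(rules, master_ip):
    """Return (source, ports, exposed) for each allow rule that opens a
    Table 2 port to anything other than the single PCAP Master address."""
    restricted = parse_ports(TABLE2_SPEC)
    master = ipaddress.ip_network(master_ip)  # bare address becomes a /32
    findings = []
    for source, ports in rules:
        exposed = sorted(parse_ports(ports) & restricted)
        if exposed and ipaddress.ip_network(source, strict=False) != master:
            findings.append((source, ports, exposed))
    return findings


# Constructed sample data: hypothetical allow rules exported from the
# firewall in front of a Data Node, as (source, ports) pairs.
MASTER = "192.0.2.10"
SAMPLE_RULES = [
    ("192.0.2.10/32", "5000 - 5021"),   # master only: compliant
    ("192.0.2.10", "4477"),             # master only: compliant
    ("192.0.2.0/24", "41500"),          # whole subnet: too broad
    ("0.0.0.0/0", "5000 - 5005, 8080"), # any source: too broad
    ("198.51.100.7", "443"),            # not a Table 2 port: ignored
]

if __name__ == "__main__":
    for source, ports, exposed in audit(SAMPLE_RULES, MASTER):
        print(f"{source} may reach Table 2 ports {exposed} (rule: {ports})")
```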

Document Information

Modified date:
28 October 2020

UID

swg21999205