IBM Support

TCP/IP Ports Required for IBM i Access and Related Functions

Troubleshooting


Problem

This document provides information on which TCP/IP ports are required when using IBM i Access Client Solutions [ACS].

Resolving The Problem

The following table lists the ports that ACS and related functions use for communication with an IBM i OS system:
 
PC Function
Server Name
 Port Non-SSL Port SSL
  • Server Mapper
  • as-svrmap
  • 449
  • ---
  • License Management
  • as-central
  • 8470
  • 9470
  • Database Access
  • as-database
  • 8471
  • 9471
  • Data Queues
  • as-dtaq
  • 8472
  • 9472
  • IFS Access using
    Access/Navigator
  • as-file
  • 8473
  • 9473
  • Network Printers
  • as-netprt
  • 8474
  • 9474
  • Remote Command
  • as-rmtcmd
  • 8475
  • 9475
  • Signon Verification
  • as-signon
  • 8476
  • 9476
  • Telnet (5250 Emulation)
  • telnet
  • 23
  • 992
  • as-nav
  • 2004
  • 2005
  • New Navigator for i
  • as-new-nav
  • 2002
  • 2003
  • Digital Certificate Manager
  • as-admin3-http
  • 2006
  • 2007
  • HTTP Administration
  • as-admin
  • 2001
  • 2010
  • DDM/DRDA
  • DDM/DRDA
  • 446
  • 448
  • NetServer
  • netbios >
  • 137
  • ---
  • NetServer 
  • netbios >
  • 139
  • ---
  • NetServer (CIFS)
  • CIFS
  • 445
  • ---
  • Secure Shell
  • ssh
  • 22
  • ---
  • Service Tools Server
  • as-sts
  • 3000
  • ---
  • HMC 5250 Console
  • 2300
  • 2301
  • ACS LAN Console
  • ---
  • 3001, 3002, 2300, 2323

If any of the above ports are restricted by a firewall or any other mechanism, ACS or related functions might fail to operate. For assistance with configuring ports or working with a firewall beyond the above information, contact the firewall provider or obtain a consulting agreement.
Note: The following ports are common to most ACS functions such as Telnet, ODBC, Data Transfer, etc. :
  • Port 449 is used to look up a service by name and return the port number
  • Ports 8470 and 9470(TLS/SSL) are used for host code page translation tables and licensing functions
  • Ports 8475 and 9475(TLS/SSL) are used to check for Application Administration restrictions
  • Ports 8476 and 9476(TLS/SSL) are used for checking signon verification to authenticate
Depending on your needs, you only need the above ports and the port(s) for your function/application. For example, a TLS/SSL connection for Telnet (5250 Emulation) with ACS requires ports 449, 992, 9470, 9475, and 9476.

For the ports used by 5250 Console, see: How to check Firewall blockage for Operations Console or HMC 5250 console
For a list of currently listening IPv4 daemons on the IBM i, run the following SQL statement:
SELECT LOCAL_PORT, LOCAL_PORT_NAME, BIND_USER, IDLE_TIME 
 FROM QSYS2.NETSTAT_INFO
 WHERE LOCAL_ADDRESS = '0.0.0.0'
 ORDER BY LOCAL_PORT;
Other options are the CL command NETSTAT OPTION(*CNN) or review the output from WRKSRVTBLE OUTPUT(*PRINT).

[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CMAAA2","label":"Communications-\u003ETCP"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]

Historical Number

13642023

Document Information

Modified date:
01 September 2025

UID

nas8N1019667

Page Feedback