The customer performs a default installation of IC with IC and DC on separate servers. However, the network administrators require the Windows Firewall to be enabled on both servers. The following ports must be allowed as exceptions by the Windows Firewall in order for IC to fully function.
A. TCP Port 80: This is only required if the default ports were designated on install.
B. TCP Port 443: This is only required if the default ports were designated on install.
C. UDP Port 9800: This is for FDR. 1) IC will still function just not collect FDR data.
D. TCP Port 21: Required for Proper PacketShaper authentication and for collection of ME data.
E. TCP Port 8543: This is only REQUIRED when the IC and DC are separate. But best practice is to always allow.
F. TCP Port 8778: SAPI: This Port is limited to localhost on the DC Server. if anything should block that port even form localhost, you would find yourself, able to collect data and generate reports but unable to modify the infrastructure present on the server.
G. BlueCoatDataCollectorjboss-4.0.3serveragentconfdevice-system-configuration should be 127.0.0.1
H. TCP Port 5432: Local Postgres Database Port. Like the SAPI port above it is only accessible form localhost can be modified in the jboss. C:BlueCoatDataCollectorjboss-4.0.3serveragentconfdevice-system-configuration should be 127.0.0.1 if on the same server. It should reference the partner IP if a separate IC and DC Server are installed.
SPECIAL TCP FUNCTIONS:
TCP Echo: TCP Echo is required across the LAN. If it is off, ME will fail.
TCP Syn is by default OFF in all Windows environments since Windows 2000. IC assumes it is off.
Application to Individual NICs: Be aware that Exceptions can be applied to individual NICs. if you configure them, and still have problems, Double check the Advanced tab to see if someone applied multiple NICs.
What if I cannot add the above Ports to the Exception List?
You are subject to a GPO or other local security policy which prevents your user account form modifying the WindowsFirewall Service
Firewall Port Summary
Summary of IC Firewall Ports
|Notes and facts of interest|
|21||TCP||IC / DC / SH||Ftp is required for ME Data and IC/DCInventory and Config|
|80||TCp||CL / IC||WWW for Access to IC|
|443||TCP||CL /.IC||Secure WWW for access to IC|
|8543||TCP||IC / DC||Only of interest if IC/ DC on separate machines|
|9800||UDP||DC/SH||FDR Data Port between IC/DC|
|8778||TCP||DC/DC||SAPI: Only 127.0.0.0 is allowed|
|5432||TCP||IC / DC||Postures: Required anytime IC or DC need to talk|
|Tcp Echo||NA||IC/DC/SH||Network Firewall must allowed|
| || || || |