Configuring a Firewall for Operations Manager

  • Article
  • 4 minutes to read

Important

This version of Operations Manager has reached the end of support. We recommend you to upgrade to Operations Manager 2022.

This section describes how to configure your firewall to allow communication between the different Operations Manager features on your network.

Note

Operations Manager uses port 389 for LDAP queries for multiple actions such as agent discovery, active directory integration, and so on. Operations Manager doesn't support LDAPs.

Port assignments

The following table shows Operations Manager feature interaction across a firewall, including information about the ports used for communication between the features, which direction to open the inbound port, and whether the port number can be changed.

Operations Manager Feature A Port Number and Direction Operations Manager Feature B Configurable Note
Management server 1433/TCP ---> 
1434/UDP ---> 
135/TCP (DCOM/RPC) ---> 
137/UDP ---> 
445/TCP ---> 
49152-65535 --->		 Operations Manager database Yes (Setup) WMI Port 135 (DCOM/RPC) for the initial connection and then a dynamically assigned port above 1024. For more information, see Special considerations for Port 135
Ports 135,137,445,49152-65535 are only required to be open during the initial Management Server installation to allow the setup process to validate the state of the SQL services on the target machine. 2
Management server 5723, 5724 ---> management server No Port 5724 must be open to install this feature and can be closed after this feature has been installed.
Management server 161,162 <---> network device No All firewalls between the management server and the network devices need to allow SNMP (UDP) and ICMP bi-directionally.
Gateway server 5723 ---> management server No
Management server 1433/TCP --->
1434/UDP ---> 
135/TCP (DCOM/RPC) ---> 
137/UDP ---> 
445/TCP ---> 
49152-65535 --->		 Reporting data warehouse No Ports 135,137,445,49152-65535 are only required to be open during the initial Management Server installation to allow the setup process to validate the state of the SQL services on the target machine. 2
Reporting server 5723, 5724 ---> management server No Port 5724 must be open to install this feature and can be closed after this feature has been installed.
Operations console 5724 ---> management server No
Operations console 80, 443 --->
49152-65535 TCP <--->		 Management Pack Catalog web service No Supports downloading management packs directly in the console from the catalog.1
Connector framework source 51905 ---> management server No
Web console server 5724 ---> management server No
Web console browser 80, 443 ---> web console server Yes (IIS Admin) Default ports for HTTP or SSL enabled.
Web console for Application Diagnostics 1433/TCP --->
 1434 --->		 Operations Manager database Yes (Setup) 2
Web console for Application Advisor 1433/TCP --->
 1434 --->		 Reporting data warehouse Yes (Setup) 2
Connected management server (Local) 5724 ---> connected management server (Connected) No
Windows agent installed using MOMAgent.msi 5723 ---> management server Yes (Setup)
Windows agent installed using MOMAgent.msi 5723 ---> gateway server Yes (Setup)
Windows agent push installation, pending repair, pending update 5723/TCP
135/TCP
137/UDP
138/UDP
139/TCP
445/TCP

*RPC/DCOM High ports (2008 OS and later)
Ports 49152-65535 TCP		 Communication is initiated from MS/GW to an Active Directory domain controller and the target computer.
UNIX/Linux agent discovery and monitoring of agent TCP 1270 <--- management server or gateway server No
UNIX/Linux agent for installing, upgrading, and removing agent using SSH TCP 22 <--- management server or gateway server Yes
OMED Service TCP 8886 <--- management server or gateway server Yes
Gateway server 5723 ---> management server Yes (Setup)
Agent (Audit Collection Services forwarder) 51909 ---> management server Audit Collection Services collector Yes (Registry)
Agentless Exception Monitoring data from client 51906 ---> management server Agentless Exception Monitoring file share Yes (Client Monitoring Wizard)
Customer Experience Improvement Program data from client 51907 ---> management server (Customer Experience Improvement Program End) Point Yes (Client Monitoring Wizard)
Operations console (reports) 80 ---> SQL Reporting Services No The Operations console uses Port 80 to connect to the SQL Reporting Services web site.
Reporting server 1433/TCP --->
1434/UDP --->		 Reporting data warehouse Yes 2
Management server (Audit Collection Services collector) 1433/TCP <---
1434/UDP <---		 Audit Collection Services database Yes 2

Management Pack Catalog Web Service 1

Identify SQL Port 2

  • If SQL Server is installed with the default port, the port number is 1433. If not the default port, it may be dynamic or non-default. To identify the port, follow these steps:

    1. In SQL Server Configuration Manager, in the console pane, expand SQL Server Network Configuration, expand Protocols for <instance name>, and then double-click TCP/IP.
    2. In the TCP/IP Properties dialog, on the IP Addresses tab, note the port value for IPAall.

  • If you plan on deploying the Operations Manager databases on a SQL Server configured with an Always On Availability Group or migrate after installation, do the following to identify the port:

    1. In Object Explorer, connect to a server instance that hosts any availability replica of the availability group whose listener you want to view. Select the server name to expand the server tree.
    2. Expand the Always On High Availability node and the Availability Groups node.
    3. Expand the node of the availability group, and expand the Availability Groups Listeners node.
    4. Right-click the listener that you want to view, and select the Properties command.
      This opens the Availability Group Listener Properties dialog.