Configuring Firewall and Ports
CDA requires you to have a small set of inbound and outbound TCP ports open. All ports assignments are configurable and can be changed in the configuration file of the components.
This graphic depicts the network connections in a typical installation and provides the default port numbers:
Since the components are distributed in different network areas, the following lists can help you with the port configuration.
Work Processes (WPs) Ports
Whereas Communication Processes (CPs) have an outbound connection, WPs must not be exposed to the outside and should be protected by a firewall.
Communication between WPs/JWPs and CPs ( WP/JWP <-> WP/JWP and CP <-> WP/JWP):
- Port for Primary Work Process 2270 TCP
- Ports for Work Processes/Java Work Processes 2271-2279 TCP
Inbound Ports (Automation Engine)
-
Ports for CPs 2217-2221 TCP
Communication between CPs and Agents, Client Proxy, Automic Web Interface, Call API, Analytics Backend.
-
Port for Service Manager 8871 TCP
Communication between CP, Service Manager Dialog, Service Manager CLI, and the Service Manager.
-
Ports for JCP (Java Communication Process) 8088/8443 TCP
Communication between JCP and Automic Web Interface
-
Port for Automic Web Interface 8080/8443 TCP
Communication between Automic Web Interface and the Analytics Backend.
Outbound Ports
Automation Engine
-
Port for the e-mail server 25 TCP
Communication between WP and the e-mail server
-
Port for Git 22 TCP
Communication between JCP and Git
-
Port for LDAP 389/636 TCP
Communication between WP/JWP and LDAP
Port for DNS servers 53 TCP/UDP
Agents and Proxy
-
Ports for the connection to the Automation Engine Server (on the Automation Engine system) 2217-2221 TCP
Communication between CPs and Agents.
-
Port for direct File Transfers between Agents (on the system where the Agent is installed) 2300 TCP
It can be changed in the configuration files. For details on file transfers refer to the INI configuration page of the Agent Windows 64-bit.
-
Port for the Client Proxy 4321 TCP
Communication between the Server and the Client Proxy.
-
Port for the Server Proxy 2217 TCP
Communication between the Agent and the Server Proxy.
Analytics
-
Port for Analytics Backend 8090/8443 TCP
Communication between Analytics and Automic Web Interface.
-
Port for the Rule Engine (Flink) 6124 TCP
Communication between he Rule Engine and Kafka.
-
Port for Zookeeper 2181 TCP
Communication between Analytics Backend and Zookeeper.
-
Port for Kafka 9092 TCP
Communication between Kafka and the Rule Engine.
CDA
-
Default port in use 80 TCP (443 TCP for https) at the CDA server system.
IIS instanced with deployed release manager instance
See also: