Symantec IGA

  • 1.  Default Ports Identity Manager and Components Use

    Posted Jul 31, 2015 12:02 PM

    Here is a list of known IM/IMPS ports that I have gathered (subject to change):

     

    Default web application ports:

    JBoss/Tomcat: 8080

    WebLogic: 7001

    WebSphere: 9080

     

    Provisioning server requires the following default ports:

    8443 - DXmanager GUI

    20389 - Provisioning Server

    20390 - SSL Provisioning Server

    20391 - Provisioning Server router

    20392 - Provisioning Directory (SSLD)

    20394 - Provisioning Directory DSA (IMPD-Main)

    20396 - Provisioning Directory DSA (IMPD-Co)

    20398 - Provisioning Directory DSA (IMPD-Inc)

    20404 - Provisioning Directory DSA (IMPD-Notify)

     

    20402 - CCS non-SSL

    20403 - CCS - SSL

     

    20410 - JCS - non SSL

    20411 - JCS - SSL

     

    4104 - CAM UDP port

    4105 - CAM TCP port

     

    6400 - Reporting - The Central Management Server (CMS) port

     

    Connector Server Ports:

    22001 - Broker HTTP Port

    22002 - Broker HTTPS Port

    20080 - Web Console HTTP Port

    20443 - Web Console HTTPS Port

    22099 - RMI Registry Port

     

     

    EndPoints:

    389 - Active Directory non SSL

    636 - Active Directory SSL



  • 2.  Re: Default Ports Identity Manager and Components Use

    Posted Oct 15, 2015 06:15 PM

    Nice list.  :-)

     

    For confirmation, I use a mix of OS tools / processes.  Useful for validating/building firewall rules.

     

    For Windows OS:  

     

    1) netstat -anb         (-a to show LISTENING ports, -n to just display IP address and avoid DNS lookup, -b to show running program associated to the port)

    2) Install the MS Sysinternals tool, Process Explorer.   It is an MS-supported tool, so no concern on using a 3rd party tool.   This is the "task manager" EVERY resource should have.

    https://technet.microsoft.com/en-us/sysinternals/bb896653

     

    For Unix / Linux OS:

    1)  lsof -i4 -n      (very well formatted; forced to ipv4 and no DNS lookup)

    2) netstat -tulpn    (list without DNS lookup; may need to use grep to isolate process if there are many)

     

     

    Note:  If a port is LISTENING only on localhost (127.0.0.1), there is no value in creating an external F/W rule (as it is used by the services themselves within the host/server).
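
Added example (not part of the original posts): one way to turn `netstat -tulpn` output into a firewall-rule review list, separating localhost-only listeners from externally reachable ones as the note above suggests. The sample output and process names are constructed, and `KNOWN_PORTS` is a subset of the list in the first post.

```python
import ipaddress

# Subset of the default ports listed in the first post of this thread.
KNOWN_PORTS = {
    8080: "JBoss/Tomcat",
    20389: "Provisioning Server",
    20390: "SSL Provisioning Server",
    20394: "Provisioning Directory DSA (IMPD-Main)",
    20411: "JCS - SSL",
    4104: "CAM UDP port",
}

# Constructed sample of `netstat -tulpn` output (not captured from a real host).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:20389           0.0.0.0:*               LISTEN      2101/slapd
tcp        0      0 0.0.0.0:20390           0.0.0.0:*               LISTEN      2101/slapd
tcp        0      0 127.0.0.1:20394         0.0.0.0:*               LISTEN      1870/dxserver
tcp        0      0 10.0.0.5:8080           0.0.0.0:*               LISTEN      3312/java
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      801/sshd
tcp6       0      0 ::1:20411               :::*                    LISTEN      2950/java
udp        0      0 0.0.0.0:4104            0.0.0.0:*                           1544/cam
"""

def classify(netstat_output):
    """Return (external, loopback_only) lists of (proto, port, program, component)."""
    external, loopback_only = [], []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        if fields[0].startswith("tcp") and fields[5] != "LISTEN":
            continue  # only listening TCP sockets matter here (UDP has no state)
        host, _, port = fields[3].rpartition(":")  # rpartition keeps IPv6 hosts intact
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # unparsable bind address: review it as external
        port = int(port)
        entry = (fields[0], port, fields[-1], KNOWN_PORTS.get(port, "not in list"))
        (loopback_only if loopback else external).append(entry)
    return external, loopback_only

if __name__ == "__main__":
    ext, local = classify(SAMPLE)
    for e in ext: print("needs F/W review:", e)
    for e in local: print("localhost only   :", e)
```

Listeners reported as "not in list" are the ones to reconcile against the port list before opening anything on the firewall.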