Symantec IGA


Default Ports Identity Manager and Components Use

  • 1.  Default Ports Identity Manager and Components Use

    Posted 07-31-2015 12:02 PM

    Here is a list of known IM/IMPS ports that I have gathered (Subject to change):


    Default web application ports:

    JBoss/Tomcat: 8080

    WebLogic: 7001

    WebSphere: 9080


    Provisioning server requires the following default ports:

    8443 - DXmanager GUI

    20389 - Provisioning Server

    20390 - SSL Provisioning Server

    20391 - Provisioning Server router

    20392 - Provisioning Directory (SSLD)

    20394 - Provisioning Directory DSA (IMPD-Main)

    20396 - Provisioning Directory DSA (IMPD-Co)

    20398 - Provisioning Directory DSA (IMPD-Inc)

    20404 - Provisioning Directory DSA (IMPD-Notify)


    20402 - CCS non-SSL

    20403 - CCS - SSL


    20410 - JCS - non SSL

    20411 - JCS - SSL


    4104 - CAM UDP port

    4105 - CAM TCP port


    6400 - Reporting - The Central Management Server (CMS) port


    Connector Server Ports:

    22001 - Broker HTTP Port

    22002 - Broker HTTPS Port

    20080 - Web Console HTTP Port

    20443 - Web Console HTTPS Port

    22099 - RMI Registry Port




    389 - Active Directory non SSL

    636 - Active Directory SSL

  • 2.  Re: Default Ports Identity Manager and Components Use

    Posted 10-15-2015 06:15 PM

    Nice list.  :-)


    For confirmation, I use a mix of OS tools / processes.  Useful for validating/building firewall rules.


    For Windows OS:  


    1) netstat -anb         (-a to show LISTENING ports, -n to just display IP address and avoid DNS lookup, -b to show running program associated to the port)

    2) Install the MS Sysinternals tool, Process Explorer.   It is an MS-supported tool, so no concern about using a 3rd party tool.   This is the "task manager" EVERY resource should have.


    For Unix / Linux OS:

    1)  lsof -i4 -n      (very well formatted; forced to ipv4 and no DNS lookup)

    2) netstat -tulpn    (list without DNS lookup; may need to use grep to isolate process if there are many)



    Note:  if a port is LISTENING only on localhost, there is no value in creating an external F/W rule (as it is used by the services themselves within the host/server).
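
Added example, not part of the original posts: a shell function that reads `netstat -tulpn` output and tags each listener as EXTERNAL (a candidate for a firewall rule) or LOOPBACK (host-internal only), following the note above. The function names, the sample process names and the bind addresses are constructed for illustration; only the port numbers come from the list in this thread.

```shell
#!/bin/sh
# Classify listeners from `netstat -tulpn` output read on stdin.
# Output columns: scope proto port bind-address pid/program, sorted by port.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        # TCP rows carry a State column; UDP listener rows leave it blank,
        # so the PID/Program field shifts left by one.
        if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; prog = $7 }
        else             { prog = $6 }
        # The port follows the LAST colon (IPv6 addresses contain colons).
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        # 127.0.0.0/8 and ::1 are reachable only from the host itself.
        scope = (addr ~ /^127\./ || addr == "::1") ? "LOOPBACK" : "EXTERNAL"
        printf "%s %s %s %s %s\n", scope, $1, port, addr, prog
    }' | sort -k3,3n -k2,2
}

# Constructed sample of `netstat -tulpn` output (not captured from a real
# Identity Manager host; process names and bind addresses are assumptions).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:20389           0.0.0.0:*               LISTEN      1234/example-ps
tcp        0      0 127.0.0.1:20391         0.0.0.0:*               LISTEN      1240/example-router
tcp6       0      0 :::8080                 :::*                    LISTEN      2001/java
tcp6       0      0 ::1:22099               :::*                    LISTEN      2001/java
udp        0      0 0.0.0.0:4104            0.0.0.0:*                           900/example-cam
EOF
}

# Stand-alone run against the constructed sample.
sample_netstat | classify_listeners
```

On a live host, pipe the real command into the function (`netstat -tulpn | classify_listeners`) and build firewall rules only from the EXTERNAL rows.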