Symantec IGA

Expand all | Collapse all

Default Ports Identity Manager and Components Use

  • 1.  Default Ports Identity Manager and Components Use

    Posted 07-31-2015 12:02 PM

    Here is a list of known IM/IMPS ports that I have gathered (Subject to change):

     

    Default web application ports:

    JBoss/Tomcat: 8080

    WebLogic: 7001

    WebSphere: 9080

     

    Provisioning server requires the following default ports :

    8443 - DXmanager GUI

    20389 - Provisioning Server

    20390 - SSL Provisioning Server

    20391 - Provisioning Server router

    20392 - Provisioning Directory (SSLD)

    20394 - Provisioning Directory DSA (IMPD-Main)

    20396 - Provisioning Directory DSA (IMPD-Co)

    20398 - Provisioning Directory DSA (IMPD-Inc)

    20404 - Provisioning Directory DSA (IMPD-Notify)

     

    20402 - CCS non-SSL

    20403 - CCS - SSL

     

    20410 - JCS - non SSL

    20411 - JCS - SSL

     

    4104- CAM UDP port

    4105 - CAM TCP port

     

    6400 - Reporting- The Central Management Server (CMS) port

     

    Connector Server Ports:

    22001 - Broker HTTP Port

    22002 - Broker HTTPS Port

    20080 - Web Console HTTP Port

    20443 - Web Console HTTPS Port

    22099 - RMI Registry Port

     

     

    EndPoints:

    389 - Active Directory non SSL

    636 - Active Directory SSL



  • 2.  Re: Default Ports Identity Manager and Components Use

    Posted 10-15-2015 06:15 PM

    Nice list.  :-)

     

    For confirmation, I use a mix of OS tools / processes.  Useful for validating/building firewall rules.

     

    For Windows OS:  

     

    1) netstat -anb         (-a to show LISTENING ports, -n to just display IP address and avoid DNS lookup, -b to show running program associated to the port)

    2) Install MS Sysinternals tool, Process Explorer.   It is a MS supported tool, so no concern on using a 3rd party tool.   This is "task manager" EVERY resource should have.  

    https://technet.microsoft.com/en-us/sysinternals/bb896653

     

    For Unix / Linux OS:

    1)  lsof -i4 -n      (very well formatted; forced to ipv4 and no DNS lookup)

    2) netstat -tulpn    (list without DNS lookup; may need to use grep to isolate process if there are many)

     

     

    Note:  if a port is LISTENING only on localhost (127.0.0.1), there is no value in creating a external F/W rule (as it is used by the services themselves within the host/server).