What ports need to be open between the OME server and a client?
I have SNMP and 1311 (OMSA) open..... Do I need anything else?
That should be all I believe (161/162 SNMP) and 1311. 2794 for the console.
There is an old ITA doc here that would have similar info.
Hope this helps.
Thanks for this information Rob, this is useful information. I've had customers ask about what ports to open in their firewall for OpenManage Essentials (OME)
Sure, glad to help.
We have added this information to the OME User Guide for the upcoming release.
I've been reading these threads and other ITA documentation regarding what ports to allow and it seems like there is some conflicting information going around. I would like to be able to not only monitor systems behind a firewall, but also push BIOS, firmware & driver updates to them. Can anyone confirm what ports would be needed for that? In my scenario the OME server is NOT behind the firewall, only some of our DMZ servers. Here are the ports I have so far...
161 - SNMP
162 - SNMP Trap
1311 - OMSA
443 - DRAC's and some storage arrays
445 - Remote Software Updates???
Some of hte documentation shows that you need 2607, but my OM server is in the same network as users so I don't think thats necessary. Also, some documentation shows 2148. I don't need PXE, Wake-On-LAN, Telnet or SSH.
Also...do you really need port 80? It seems like most everything uses 443.
For firmware patches you need:
Windows File Share is needed: Port 445 TCP and UDP
SSH is needed for linux updates.
We added a table of port information in the user guide for the upcoming release of OME.
Thanks for the info so far. How about 80? What is 2794 for? Is this document available yet?
No, the doc should be available in Q1 when OME 1.0.1 releases.
WMI port info:
OME ports need to be exposed for web access
3668 (task manager)
I'm not so sure we use port 80 since our console uses 2607. I'll have to try and find out about 2794.
Rob, just to clarify though. If my OME server is on the inside of the firewall, I don't need to allow 2607 to the DMZ, right? That is only for users to connect ot the OME web-interface.
yeah, 2607 is just for website access.
May I suggest that future documentation breaks down this info more clearly? Like one table showing which ports are needed open for the OME server, and another table showing which ports are needed open for servers that need to be monitored by OME. In most scenarios, the OME server itself wont be living inside a DMZ, but it will NEED to monitor servers inside a DMZ. The way the information is currently presented in the Users Guide is confusing since you have to extrapolate which ports are truly needed for the clients that need to be monitored by OME.
Thanks for your suggestion.
We have separated the ports for management station (OME server) and managed nodes and it is updated in the online user guide located below. You can find the updated table under "Managing Security Settings" section.
This will also be part of upcoming OME release.
What about the following ports? They are not mentioned in the user guide section.
Task Management Service port - 3668
Network Monitor Port - 2606