Previous Topic: Ports to Open for a Standalone SystemNext Topic: Ports to Open for a Three-Tier Distributed Deployment

Preparing Windows Servers for the UpgradeFirewall RequirementsPorts to Open for a Two-Tier Distributed Deployment

Ports to Open for a Two-Tier Distributed Deployment

Data flows to Harvesters, then to the NFA console and web display.

Two-Tier Distributed Deployment

NFA console and Harvesters on separate servers, but no DSA

Open the following ports in a two-tier distributed deployment to allow communication among the NFA console, Harvesters, and other elements.

From

To

Port [Function]

NFA console

Outbound
  • TCP 25 [SMTP email reports]
  • UDP 53 [DNS]

Harvester
  • TCP 3307 [CA MySQL]
  • TCP 3308 [MySQL]
  • TCP 8066 [SOAP web service calls]
  • TCP 8080 [File web server port for collecting Harvester files]
  • UDP 161 [Watchdog service]

     

Harvester

Routers (SNMP interface, read-only)
  • UDP 161 [SNMP polling]

Trap destination
  • UDP 162 [traps]

Router

Harvester
  • UDP 9995 [flow]

Administrators and users

NFA console
  • TCP/HTTP 80 [UI access and SNMP web services]
  • TCP/HTTP 8381 [Single Sign-On]
  • TCP 8681 [Report Information Base (RIB) reporting]

CA Performance Center Console

NFA console
  • TCP/HTTP 80 [device and interface synchronization with CA Performance Center]
  • TCP 8681 [data import for CA Network Flow Analysis views in CA Performance Center]

Administrators

Each server
  • TCP 3389 [Remote Desktop, if Remote Desktop is used]
  • TCP 5800, 5801, 5900, 5901 [VNC, if VNC is used]