Environment
NetIQ Change Guardian 4.1
NetIQ Change Guardian 4.2
Situation
What ports are required for Change Guardian Server and Agent communication?
What ports are required for Change Guardian Agent to communicate with the CG Server?
Resolution
The Change Guardian Server requires the following ports:
Port             Direction  Required/Optional  Description
8094             Inbound    Required           Allows the Change Guardian Server to accept connections from agents that retrieve their assigned monitor policies.
8443             Inbound    Required           Allows the Change Guardian Server to receive events from monitored assets.
389 or 636       Outbound   Required           Enables LDAP authentication and the expansion of Active Directory groups. The port initiates a connection to the LDAP Server.
25               Outbound   Optional           Default email port. This port may be different based on the specific email implementation.
54984            Inbound    Optional           Used by the Sentinel Appliance Management Console (WebYast). Also used by the Sentinel appliance for the update service.
443 or 80        Outbound   Optional           WebYast initiates a connection to either the NetIQ appliance update repository (https://nu.novell.com) or a subscription management tool service location on your network.
9094 (loopback)  Inbound    Required           Allows the Change Guardian Server to call JAVOS on this port to signal/reset the event destination cache.
9095 (loopback)  Inbound    Required           Allows users to see runtime metrics and active threads.
8082             Inbound    Required           Allows the CAM Service to connect from the agent to request the agent software. (version 4.2)
The Change Guardian Agent requires the following ports:
Port  Direction  Required/Optional  Description
8094  Inbound    Required           Allows the Policy Editor to connect to the agent to browse objects on the monitored asset. (Windows)
8094  Outbound   Required           Allows the agent to connect to the Change Guardian Server to retrieve assigned monitoring policies and heartbeat.
8443  Outbound   Required           Allows the agent to connect to the Change Guardian Server or Sentinel to send events.
2620  Inbound    Optional           Allows the Policy Editor to connect to the agent to browse objects on the monitored asset. (Unix)
Cause
Connection or communication issues before, during or after an installation of Change Guardian.
Additional Information
The ports listed above are hard coded into the product and cannot be modified.
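A reachability check for the two required agent-to-server ports (8094 and 8443), run from the agent host; this is an added example, not NetIQ code. It assumes the ports are TCP (the article does not name the transport), and the function names and the "open / refused / filtered" labels are illustrative.

```python
"""Agent-side reachability check for the Change Guardian Server ports."""
import errno
import socket
import sys

# Agent -> server ports from the agent table (Outbound, Required).
# Assumption: TCP; the article does not state the transport.
AGENT_TO_SERVER = {
    8094: "retrieve assigned monitoring policies and heartbeat",
    8443: "send events",
}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'error:<reason>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        # No reply at all: typically a firewall silently dropping the connection.
        return "filtered"
    except ConnectionRefusedError:
        # The host answered with a reset: reachable, but nothing is listening.
        return "refused"
    except OSError as exc:
        # Name resolution failures, unreachable networks and similar.
        return "error:" + errno.errorcode.get(exc.errno, str(exc))


def check_server(host, ports=AGENT_TO_SERVER, timeout=3.0):
    """Probe every agent -> server port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Usage: python check_cg_ports.py <change-guardian-server>
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = check_server(server)
    for port, state in sorted(results.items()):
        print(f"{server}:{port:<5} {state:<9} {AGENT_TO_SERVER[port]}")
    # Non-zero exit when any required port is not reachable.
    sys.exit(0 if all(s == "open" for s in results.values()) else 1)
```

A "filtered" result points at a firewall between agent and server, while "refused" means the server host is reachable but the Change Guardian service is not listening on that port.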