What are the network connection requirements and firewall ports needed for Analysis Center? (NETIQKB70037)

  • 7770037
  • 13-Feb-2007
  • 09-Nov-2010

Environment

NetIQ Analysis Center 2.x

Situation

What are the network connection requirements and firewall ports needed for Analysis Center?
Network connection requirements and firewall ports needed for the installation of Analysis Center

Resolution

When Analysis Center is separated from your AppManager repository by a firewall, you must open the SQL communication port for Analysis Center. Some recommended best practices for Analysis Center are:

  • Place all the Analysis Center components on the internal network.
  • Install Analysis Center using the recommended security model and then define standard SQL authentication for the connectivity to the AppManager repository when creating the data source.
  • On the firewall, open the standard SQL Server port to the AppManager repository machine from the Analysis Center Data Mart machine.  The default standard port is 1433. If the standard port has changed, then open the new port.

Use the following guide for port assignment among AC components:

  • Port 80 open from the AC Console to the WebServices (IIS Server)
  • Port 1433 for SQL (or your designated port for SQL) for the WebServices to the AC_Warehouse and AC_Configuration database connections.
  • Ports 2393, 2394 and 2725 for the WebServices to the Analysis Services OLAP database connection
  • If you have your Data Mart installed on a separate server from your Data Warehouse, you will also need port 135 open for DTC

NOTE: A multiple-firewall configuration for a distributed AC deployment has not been verified by NetIQ. While no problems should occur, this configuration may not function without the required ports detailed below, or additional settings determined by your network and firewall administrators.

Communication is initiated from the Analysis Center Data Mart SQL Server machine, which issues SQL queries against the AppManager repository database via DTS packages. NetIQ also recommends that the Data Mart and Data Warehouse component servers be on the same local network for speed and reliability.

Console to Web Service 

Port Description
80 HTTP connection to the web service


Web Service to Data Warehouse  
Port Description
1433 The default for SQL Server
2393, 2394 and 2725 Analysis Server (OLAP); see http://go.microsoft.com/fwlink/?LinkId=15299

Data Warehouse to Data Mart  

Port Description
1433 The default for SQL Server

Data Mart to QDB   

Port Description
1433 The default for SQL Server

Configure SQL Server to use TCP/IP:

For SQL Server to function in a firewall environment, make sure that it uses only the TCP/IP network library for communications. Ensure that Named Pipes is not enabled in the Server Network Utility and Client Network Utility.

Specifically, here is a list of ports required by various Microsoft Components (see this Microsoft KB for more details: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/csvr2002/htm/cs_dp_typical_mjjt.asp):

Port Description
1433 The default for SQL Server
2393, 2394 and 2725 Analysis Server (OLAP)
For additional information, see Knowledge Base article 301901: "INF: TCP Ports Used by OLAP Services when Connecting Through a Firewall," available at http://go.microsoft.com/fwlink/?LinkId=15299
135 DTC
Allow access in both directions, inbound and outbound.

If you are using a firewall that does not manage RPC connections, you will need to modify the registry on the computers involved to limit RPC secondary outbound ports to 5000-5020 (or whatever your preferred ports are) for Microsoft Distributed Transaction Coordinator (MSDTC).

53 DNS
389 Active Directory name resolution
88 Active Directory authentication
445 Server Message Block * This may be required for file sharing as defined by Microsoft
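
The registry change mentioned above for limiting RPC secondary ports for MSDTC can be scripted. The following is an added example, not NetIQ or Microsoft code: it writes the standard Rpc\Internet values with the 5000-5020 range from this article, reads them back, and checks that port 135 answers on the other server. The host name in $Peer is a hypothetical placeholder.

```powershell
# Added example (not NetIQ code). Run elevated on each computer involved in DTC traffic.
# $Range follows this article (5000-5020); $Peer is a hypothetical host name.
$Key   = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
$Range = '5000-5020'
$Peer  = 'ac-warehouse.example.internal'

function Set-RpcPortRange {
    param([string]$Path, [string]$PortRange)
    if ($PortRange -notmatch '^(\d+)-(\d+)$' -or [int]$Matches[1] -ge [int]$Matches[2]) {
        throw "Port range '$PortRange' must look like 5000-5020"
    }
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    # Ports (REG_MULTI_SZ): the ports RPC may hand out for dynamic endpoints
    New-ItemProperty -Path $Path -Name 'Ports' -PropertyType MultiString `
        -Value @($PortRange) -Force | Out-Null
    # PortsInternetAvailable = Y: the list above is the firewall-reachable set
    New-ItemProperty -Path $Path -Name 'PortsInternetAvailable' -PropertyType String `
        -Value 'Y' -Force | Out-Null
    # UseInternetPorts = Y: allocate dynamic endpoints from that set by default
    New-ItemProperty -Path $Path -Name 'UseInternetPorts' -PropertyType String `
        -Value 'Y' -Force | Out-Null
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

Set-RpcPortRange -Path $Key -PortRange $Range
$cfg = Get-ItemProperty -Path $Key
if (($cfg.Ports -join ',') -ne $Range) { throw 'Ports value was not written as expected' }
Write-Output "RPC dynamic ports limited to $($cfg.Ports -join ','); restart the computer to apply."

if (Test-TcpPort -ComputerName $Peer -Port 135) {
    Write-Output "TCP 135 (RPC endpoint mapper) reachable on $Peer"
} else {
    Write-Warning "TCP 135 blocked or closed on ${Peer}: DTC cannot negotiate a port"
}
```

The firewall then needs port 135 and the chosen range allowed in both directions between the two servers, and nothing wider.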

This KB article has several links for Single and multiple firewall configurations.

Additional Information

Formerly known as NETIQKB70037