Environment
NetIQ AppManager 7.0.x
NetIQ AppManager for Cisco Call Manager 7.x
NetIQ Vivinet Assessor 2.x
NetIQ Vivinet Diagnostic 3.x
Situation
What firewall ports need to be open in order to allow the AppManager Proxy to monitor VoIP devices?
Which ports are used by the AppManager Proxy agent to communicate with a Cisco VoIP environment?
Which ports are used by the AppManager Proxy agent to communicate with a Cisco VoIP environment?
Resolution
| Protocol | Port | Type | Description |
| TCP | 21 / 22 | FTP/SFTP | Flat files sent from CUCM to CDA Proxy (CUCM v5.x / 6.x). This is configurable in the Windows FTP dialogs (built into IIS). |
| TCP | 80 | Web | HTTP requests between the Phone Quality Proxy and the Cisco IP Phones. |
| TCP | 80 | Web | HTTP requests between Vivinet Diagnostics and the Cisco IP Phones. |
| UDP | 161 | SNMP | SNMP read requests between Network Device Module and network devices |
| SNMP read requests between Vivinet Diagnostics and the CCM publisher. | |||
| SNMP read requests between Vivinet Diagnostics and the Layer 2 devices. | |||
| SNMP read/write requests between Vivinet Diagnostics and the Layer 3 devices. | |||
| UDP | 162 | SNMP TRAP | SNMP 161 is Proxy listening port used for Traps, sent from the CUCM (this is changeable). |
| TCP | 443 | SSL | TCP 443 is used only for one Knowledge Script (WebPageCheck) This is not changeable. |
| TCP | 1433 | ODBC | ODBC requests between the CDA proxy and the CUCM Publisher. (CUCM v3.x / 4.x) |
| TCP | 1433 | AXL/HTTP | requests between the Vivinet Diagnostics and the CCM Publisher. |
| TCP | 8433 | AXL | default port for the AXL communication between CUCM and Proxy. This Port is changeable (See Note) |
| TCP | 10115 | Used for comunications to and between Performance Endpoints | |
| TCP | 10116 | Used by Performance Endpoints to report test results back to Proxy and VA or Vdiag consoles. | |
| RTP | 16383+ | If Cisco SAA (IP SLA) in enabled then Vivinet Diagnostics uses that for the remote Layer 3 traceroutes and if there are problems detected then for SAA Jitter tests. This functionality requires access to a write MIBs. | |
| If NetIQ endpoints are used the RTP ports 16383+ are used to do remote traceroutes and VoIP RTP test calls. |
Additional Information
Formerly known as NETIQKB71783
If the default AXL HTTPS port (8443) is changed in the CCM admin, you can specify the new port in the AppManager Security Manager settings. This port is can be changed. This AXL communication is used for most of the Knowledge Scripts in the module, including Discovery. The AppManager Proxy initiates the requests.
If the default AXL HTTPS port (8443) is changed in the CCM admin, you can specify the new port in the AppManager Security Manager settings. This port is can be changed. This AXL communication is used for most of the Knowledge Scripts in the module, including Discovery. The AppManager Proxy initiates the requests.