What are the ports being used by UIM/Nimsoft?

Port reference.

- guidance

The following describes the basic/minimum requirements for hub-to-hub and hub-to-robot communication.  At the bottom of this article is a link to the full documentation which goes into some additional detail.

Robot:

Robot listens on port 48000.  At the bare minimum it needs to receive connections on this port from its own hub. 

The process itself also listens locally on ports 48001 and 48007 for the spooler and hdb probes but these are internal only - the only thing connecting to these ports will be probes installed on the same robot.

Probes:

Each probe on a robot needs one port after 48007.
e.g. if 2 probes are on the robot (e.g. cdm and logmon) usually this would use  48008, 48009, going up sequentially for each additional probe.

20 probes would need 20 ports, e.g. 48008-48028.

note: this requires "first_probe_port" to be set in the controller otherwise random ports will be used.

We generally recommend a range like 48000-48020 or 48000-48050 to accommodate future probe growth.

Robot/Probe Summary of Firewall Ports Needed:

Open 48000 to receive connections from the hub

Open 48008-480xx so probes can receive connections coming from hub to probes (depending on number of probes)

Hub:

A hub always runs on a robot, so the above which applies to the robot also applies to any hub, but also the folowing additions for the hub:

A hub listens on port 48001 and 48002 for connections from the robots that connect to that hub.  (internal)

If the hub is a tunnel server it also listens on port 48003 for connections from the tunnel clients. (external)

If the hub is a tunnel client then aside from the "local" hub ports, it only needs to be able to initiate outbound connection to its tunnel server on port 48003.

Hub Summary of Firewall Ports Needed (includes robot ports from above)

Open 48000 for the hubrobot itself (receives commands from other local robots and potentially from Infrastructure Manager clients locally)

Open 48001 internally (receiving connections from the hub's own robots) for spooler (recieves qos and alarms from robots)

Open 48002 internally (receiving connections from the hub's robots and other "local" hubs)

Open 48003 externally if the hub is a tunnel server, for connections from the tunnel clients

Open 48008-480xx internally so probes can receive connections coming from hub to probes

The preceding information relates to inbound connections - ports on which components "listen" for connections. 

In the vast majority of network environments, outbound communication is not generally restricted by the firewall in the same way as inbound connections.  In certain "highly secure" environments this may not be the case, and it may be necessary to open corresponding outbound routes for each of the connections described here, but given the rarity of this scenario, in most cases opening the inbound firewall ports (and forwarding them appropriately as needed in the case of NAT environments) will be sufficient for DX UIM communications.  

Some documentation related to firewall ports for DX UIM refers to 'bidirectional' communication; this generally refers to a communication being allowed over "established" TCP connections;  in terms of a firewall, it is generally most important to know which side has initiated a connection and which side is receiving it, but generally speaking, it is assumed that once a connection has been initiated and established, communication will be permitted to flow in 'both directions' across that connection -- in other words, a typical TCP SYN/ACK conversation.

It does not mean, for example, that tunnel clients need to receive connections on port 48003 just like tunnel servers;  it means that tunnel clients need to be allowed to connect to the tunnel server which listens on port 48003, and the tunnel server must be allowed to communicate back along that established connection. So in a tunnel scenario, a tunnel server listens on port 48003, and a tunnel client does not need to listen at all (other than to its own robots). 

Again, this is the default in most environments since it is generally necessary for TCP communication to function properly, but the 'bidirectional' terminology is a common source of confusion in the documentation.

The following link contains the official documentation for UIM Firewall Ports:   Firewall Port Reference (UIM 20.4)