Question:
If an execution server and agent server are separated by a firewall, is it enough to open outbound connections from the execution server to the agent server on port 6600? Or are both outbound and inbound connections from execution server to the agent server on port 6600 required?
Answer:
For execution server and agent server communications, port 6600 will need to be open for both inbound and outbound connections.
Source | Protocol | Target | Target Port | Reason |
Execution Server | TCP/SSL | Agent | 6600 | Default port for file transfer during a process. |
Agent | TCP/SSL | Execution Server | 6600 | Transfer of process results back to the Execution Server at end of execution. |
Additional Information:
The additional ports below may also need to be opened between execution servers and agent servers depending on your needs.
Source | Protocol | Target | Target Port | Reason |
Agent | TCP/SSL | Execution Server | 6900 | If an Agent is installed on the Execution Server, CA recommends to open up traffic from all Agent to the Execution Servers on 6900 (default port). In this case, all Agent to Execution Servers on 6600 requires bidirectionally be enabled. |
Execution Server | TCP/SSL | Agent | 135 and 445 | Remote Agent installation on Windows platforms. |
Execution Server | TCP/SSL | Agent | 22 | Remote Agent installation on Unix via SSH. |
Note: All port numbers are configurable. All source ports are random.