In some cases, security policy may require that web servers do not listen for or accept HTTP traffic and instead listen only on HTTPS. By default, the Siteminder Access Gateway Server is configured to listen for incoming requests on the following TCP ports:
tcp port 80
tcp port 443
tcp port 8080
tcp port 543
It may be required to disable the Siteminder Access Gateway Server from listening on tcp ports 80 and 8080.
Product: Siteminder
Component: Access Gateway
Version: r12.8.x
Operating System: ANY
The Siteminder Access Gateway Server is bundled with three components: Apache Tomcat, Apache HTTP Server, and the Siteminder Web Agent.
Apache is configured to listen on tcp ports 80 and 443.
Tomcat is configured to listen on tcp ports 8080 and 543.
Disable Siteminder Access Gateway from listening on TCP Port 80
1) Log on to the Siteminder Access Gateway Server
2) Edit the following file:
Windows: <Install_Dir>\CA\secure-proxy\httpd\conf\httpd.conf
Linux: <Install_Dir>/CA/secure-proxy/httpd/conf/httpd.conf
3) Make the following change (comment out the "Listen" directive for port 80):
#Listen 80
4) Save the 'httpd.conf' file
5) Stop and start the Siteminder Access Gateway Server.
NOTE: Now all incoming Apache connections will only be served on tcp ports defined with the "Listen" directive in the '<Install_Dir>/CA/secure-proxy/httpd/conf/extra/httpd-ssl.conf' file.
Disable Siteminder Access Gateway from listening on TCP Port 8080
The Tomcat connection properties are only used for the Access Gateway AdminUI (previously known as SPSAdminUI).
1) Log on to the Siteminder Access Gateway host
2) Edit the following file:
Windows: <Install_Dir>\CA\secure-proxy\proxy-engine\conf\server.conf
Linux: <Install_Dir>/CA/secure-proxy/proxy-engine/conf/server.conf
3) Comment out the 'local.http.port' value and leave the HTTPS values unchanged:
#local.http.port=8080
local.https.port=543
local.https.keyStoreFileName="tomcat.keystore"
local.https.sslEnabledProtocols="TLSv1.2,TLSv1.1"
4) Save the changes to the 'server.conf' file.
5) Stop and start the Siteminder Access Gateway.
NOTE: In Siteminder Access Gateway r12.8.5 and older, http port 8080 was hard-coded in the 'proxyrt.jar' file [<Install_Dir>/secure-proxy/Tomcat/lib/proxyrt.jar]. This was fixed in r12.8.6/6a and later, and the port can now be disabled in the 'server.conf' file.
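The following script is an added example, not part of the original article or the product: it audits the two files edited in the procedures above and fails if an uncommented "Listen" directive for port 80 or an uncommented 'local.http.port' value remains. The function names and the sample files it builds are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the two edited files for plaintext listeners still enabled.

# Print active (uncommented) Apache Listen directives bound to port 80,
# including address-qualified forms such as "Listen 0.0.0.0:80".
active_listen_80() {
    grep -Ei '^[[:space:]]*Listen[[:space:]]+([^[:space:]#]*:)?80([[:space:]]|$)' "$1"
}

# Print active (uncommented) local.http.port assignments from server.conf.
active_local_http_port() {
    grep -E '^[[:space:]]*local\.http\.port[[:space:]]*=' "$1"
}

# Usage: audit_gateway_http <httpd.conf> <server.conf>
# Returns 0 if no plaintext listener is configured, 1 if one is, 2 on unreadable input.
audit_gateway_http() {
    for f in "$1" "$2"; do
        if [ ! -r "$f" ]; then
            echo "ERROR: cannot read $f" >&2
            return 2
        fi
    done
    rc=0
    if hits=$(active_listen_80 "$1"); then
        echo "FAIL $1: $hits"
        rc=1
    fi
    if hits=$(active_local_http_port "$2"); then
        echo "FAIL $2: $hits"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: no active HTTP listener in $1 or $2"
    fi
    return "$rc"
}

# Constructed sample files showing the state after both procedures (not from a real install).
demo_dir=$(mktemp -d)
printf '%s\n' '#Listen 80' > "$demo_dir/httpd.conf"
printf '%s\n' '#local.http.port=8080' 'local.https.port=543' > "$demo_dir/server.conf"
audit_gateway_http "$demo_dir/httpd.conf" "$demo_dir/server.conf"
rm -rf "$demo_dir"
```

This checks configuration only. On r12.8.5 and older the hard-coded port described in the note above still applies, so confirm the running state after the restart with a listening-socket check such as `ss -ltn` on Linux.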