SolarWinds Port Requirements

Updated May 28, 2019

The following reference provides a comprehensive list of port requirements for SolarWinds products. The ports vary from product to product and on a per use basis. In some cases ports are configurable. Refer to your product Administrator Guide for more information.

Additional Polling Engines

Additional Polling Engines have the same port requirements as Main Polling Engine. The following ports are the minimum required for an Additional Polling Engine to ensure them most basic functions.

Port Proto-
col
Service/
Process
Direction Description
161 UDP SolarWinds Job Engine Outbound The port used for sending and receiving SNMP information.
162 UDP SolarWinds Trap Service Inbound The port used for receiving trap messages.

1433

TCP

SolarWinds Collector
Service
Outbound The port used for communication between the APE and the Orion database.
1434 UDP SQL Browse Service Outbound The port used for communication with the SQL Server Browser Service to determine how to communicate with certain non-standard SQL Server installations. Required only if your SQL Server is configured to use dynamic ports.
1801 TCP Message Queuing WCF Inbound The port used for MSMQ messaging from the Orion Web Console to the Additional Polling Engine.

5671

TCP

RabbitMQ Bidirectional

The port used for SSL-encrypted RabbitMQ messaging from the Orion Web Console to the Additional Polling Engine.

17777

TCP

SolarWinds Information
Service
Bidirectional

The port used for communication between the Additional Polling Engine and the Orion Web Console.

Additional Web Servers

Port Proto-
col
Service/Process Direction Description

80

TCP

World Wide Web Publishing Service Inbound

Default additional web server port. Open the port to enable communication from your computers to the Orion Web Console.

If you specify any port other than 80, you must include that port in the URL used to access the web console. For example, if you specify an IP address of 192.168.0.3 and port 8080, the URL used to access the web console is http://192.168.0.3:8080.

443 TCP IIS Inbound The default port for https binding.

1433

TCP

SolarWinds Information Service Outbound

The port used for communication between the SolarWinds server and the SQL Server. Open the port from your Orion Web Console to the SQL Server.

1801 TCP Message queuing Outbound The port used for MSMQ messaging from the Additional Web Server to the Main Polling Engine.
5671 TCP RabbitMQ Outbound The port used for SSL-encrypted RabbitMQ messaging from the Additional Web Server to the Main Polling Engine.

17777

TCP

SolarWinds Information Service Outbound

Orion module traffic. Open the port to enable communication from your polling engine to the web server, and from the web server to your polling engine.

DameWare (DRS, MRC)

By default, Dameware listens to the following ports:

Port Description Direction Used with Change Default Port in Modify settings on
443 Dameware Internet Proxy HTTPS - Used to connect computers through an Internet Session or download a Mini Remote Control or Internet Session agent Incoming Dameware Internet Proxy The Configuration Wizard N/A
6129 Mini Remote Control protocol - Dameware agents listen on this port for incoming remote desktop connections Incoming Dameware Mini Remote Control Dameware Mini Remote Control application Mobile Client in Global Settings
6130 Dameware Mobile Client protocol - Gateway service listens on this port for incoming mobile connections Incoming Dameware Mobile Gateway Administration Console or the Configuration Wizard Mobile Client on the gateway login screen
6132 Internet Session data stream between Mini Remote Control and the Dameware Internet Proxy Bi-directional Dameware Central Server
Dameware Internet Proxy
The Configuration Wizard N/A
6133 Communication requests for Dameware Central Server components Bi-directional Dameware Central Server
Dameware Internet Proxy
Dameware Mobile Gateway
The Configuration Wizard Remote Support, Mini Remote Control, and Administration consoles on the login screen
Optional ports for specific Dameware features:
UDP 137 Name Services port for File & Printer Sharing, User and Computer Authentication Incoming Dameware Remote Support
Dameware Mini Remote Support
Dameware Central Server
Windows systems settings N/A
138 Datagram Services port for File & Printer Sharing Incoming Dameware Remote Support
Dameware Mini Remote Support
Windows systems settings N/A
139 Session Services port for File & Printer Sharing,User and Computer Authentication Incoming Dameware Remote Support
Dameware Mini Remote Support
Dameware Central Server
Windows systems settings N/A
TCP and UDP 445 Direct Hosting, NetBIOS for File & Printer Sharing, User and Computer Authentication Incoming Dameware Remote Support
Dameware Mini Remote Support
Dameware Central Server
Windows systems settings N/A
5900 VNC default port Incoming Dameware Mini Remote Support
Dameware Central Server
MRC connection settings and in VNC configuration server MRC connection settings and in VNC configuration server
88 Kerberos V5 port Incoming Dameware Central Server N/A N/A
3389 RDP port Incoming Dameware Mini Remote Support
Dameware Central Server
MRC connection settings and in Windows registry MRC connection settings and in Windows registry
Dynamic NTLM port N/A Dameware Central Server N/A N/A
16993 Accessing Intel AMT secure(SSL) Incoming Dameware Mini Remote Support MRC connection settings and in Intel AMT server MRC connection settings and in Intel AMT server
16992 Accessing Intel AMT Incoming Dameware Mini Remote Support MRC connection settings and in Intel AMT server MRC connection settings and in Intel AMT server
UDP and TCP 389 For LDAP to handle normal queries from client computers to the domain controllers Incoming Dameware Central Server N/A N/A
TCP and UDP 53 For DNS from client to domain controller and domain controller to domain controller Incoming Dameware Central Server N/A N/A
TCP 636 Computer Authentication over SLL Incoming Dameware Central Server N/A N/A

To use Internet Session functionality, you must open port 443 in your organization's firewall to allow the Dameware Internet Proxy to communicate with users outside of your internal network.

Database Performance Analyzer (DPA)

Port Protocol Service or Process Direction Encryption Description
8123 HTTP

Windows: Ignite PI Service

Linux: java/tomcat

Inbound

Outbound

Default HTTP port for web server
8124 HTTPS

Windows: Ignite PI Service

Linux: java/tomcat

Inbound

Outbound

TLS 1.0

TLS 1.1

TLS 1.2

Default HTTPS port for web server
8127 TCP

Windows: Ignite PI Service

Linux: java/tomcat

Internal Internal Tomcat shutdown port
80 HTTP

Windows: Ignite PI Service

Linux: java/tomcat

Inbound

Outbound

Default HTTP port for web server (Amazon Machine Images only)
443 HTTPS

Windows: Ignite PI Service

Linux: java/tomcat

Inbound

Outbound

TLS 1.0

TLS 1.1

TLS 1.2

Default HTTPS port for web server (Amazon Machine Images only)

Database Performance Analyzer Integration Module (DPAIM)

In addition to the port requirements necessary for SolarWinds DPA and any other Orion Platform products, integration requires the following ports:

DPA server

Port Protocol Service or Process Direction Encryption Description

443 (cloud) or

8124 (on-premises)

TCP (HTTPS)

Windows: Ignite PI Service

Linux: java/tomcat

Inbound

Outbound

TLS 1.0

TLS 1.1

TLS 1.2

This is the default port number of your DPA website and jSWIS proxy.

This port must be open to receive data from the SolarWinds Orion server.

Orion server

Port Protocol Service or Process Direction Description
17776 TCP SolarWinds Information Service

Inbound

Outbound

This port must be open to access the SolarWinds Information Service API (notifications).
17777 TCP

SolarWinds Information Service

SolarWinds Orion Module Engine

Inbound

Outbound

This port must be open for all Orion Platform product traffic.
17778 TCP SolarWinds Information Service

Inbound

Outbound

This port must be open to access the SolarWinds Information Service API.

Engineer's Toolset (ETS)

The following lists the required ports needed for the Engineer's Toolset.

Component

Port

Type

Description

Syslog Server

514

UDP

Allows you to listen for incoming Syslog messages on UDP port 514.

WAN Killer

7
9

Use port 7 to generate traffic going both ways. When data is sent to port 7 (echo), all traffic that is received by the target device will be sent back to WAN Killer. This will generate a load in both directions.

Use port 9 (discard) to generate one-way traffic. Port 9 discards all data when received.

Netflow Realtime

2055

Listens on Port 2055

TFTP Server

69

UDP

SNMP Polling

161

Sending emails

25

Web Toolset

  • Uses port 443 for Secured SSH Connection.

Enterprise Operations Console (EOC)

Port Protocol Service or Process Direction Component Encryption Description
80 TCP IIS (w3wp.exe) Bidi-rectional Website No HTTP default for the Orion Web Console
443 TCP IIS (w3wp.exe) Bidi-rectional Website SSL/TLS 1.2 HTTPS default for the Orion Web Console
17777 TCP SolarWinds Information Service Bidi-rectional SWIS Certificate (SHA-512) Used for the SolarWinds Information Service (SWIS) protocol

High Availability

Port Protocol Service/
Process
Direction Description
53 UDP SolarWinds High Availability Service outbound Used when failing over with a virtual hostname to update the virtual hostname's DNS entry and for periodic monitoring.
4369 TCP RabbitMQ bidirectional TCP ports 4369 and 25672 must be open between the main and secondary servers to allow RabbitMQ clustering between the two servers. These ports exchange EPMD and Erlang distribution protocol messages for RabbbitMQ. They do not need to be open in additional polling engine pools.
5671 TCP

SolarWinds High Availability

bidirectional Port 5671 must be open into the HA pool with the main Orion server from all Orion servers.
17777 TCP SolarWinds installer bidirectional Used when installing the standby server software. You can close this port after installation.
25672 TCP RabbitMQ bidirectional TCP ports 4369 and 25672 must be open between the main and secondary servers to allow RabbitMQ clustering between the two servers. These ports exchange EPMD and Erlang distribution protocol messages for RabbbitMQ. They do not need to be open in additional polling engine pools.

IP Address Manager (IPAM)

RPC Ports dynamically assigned above 1024. To configure RPC dynamic port allocations see: http://support.microsoft.com/kb/154596.

Port Protocol Direction Description Encryption
53 TCP

Used for zone transfers, DNS record polling

161 UDP bidirectional Statistics collection
17777 TCP bidirectional

Orion module traffic. Open the port to enable communication from your poller to the Orion Web Console, and from the Orion Web Console to your poller.

High Availability Service. Used for communication between the main server and pool members.

Job Engine V2, Collector Service, Business Layer, and Information Service v2,23. Used for communication between the services.

The port used for communication between the Orion Web Console and the poller.

RSA handshake, AES 256 communication using WCF

17778 TCP

Required to access the SolarWinds Information Service API and agent communication

SolarWinds Information Service API

SSL

ipMonitor

ipMonitor uses the following local Ports:

  • HTTP Port (default is 8080 and TCP 443 for SSL or administrator assigned).

The following table provides the various ports that are utilized depending on which monitor is enabled.

Monitor

Type

Port

Parent Protocol

ACTIVE DIRECTORY

Active Directory

389

TCP

BANDWIDTH USAGE

Bandwidth

161

UDP

BATTERY

Battery

161

UDP

CPU USAGE

Processor Usage

161

UDP

DIRECTORY MONITOR

Directory Usage

n/a

SMB or NFS

DNS-QA

Quality Assurance Domain Name Service

53

TCP

DNS-TCP

Domain Name Service - Transmission Control Protocol

53

TCP

DNS-UDP

Domain Name Service - User Datagram Protocol.

53

UDP

DRIVE SPACE

Drive Space Availability

161

UDP

EVENT LOG

NT Event Log Monitor

n/a

n/a

EXCHANGE SERVER

Microsoft® Exchange Server

n/a

n/a

EXTERNAL PROCESS

Executable File

n/a

n/a

FAN MONITOR

Fan Status

161

UDP

FILE PROPERTY

Any File Type

n/a

SMB or NFS

FILE WATCHING

Any File Type

n/a

SMB or NFS

FINGER

Finger Information Server

79

TCP

FTP

File Transfer Protocol

21

TCP

FTP-QA

Quality Assurance File Transfer Protocol

21

TCP

GOPHER

Menu driven front end to resource services such as anonymous FTP

70

TCP

HTML / ASP

HyperText Transfer Protocol

80

TCP

HTTP

HyperText Transfer Protocol

80

TCP

HTTP-QA

Quality Assurance HyperText Transfer Protocol

80

TCP

HTTPS

Hypertext Transfer Protocol Secure

443

TCP

HUMIDITY

Humidity Levels

161

UDP

IMAP4

Internet Message Access Protocol

143

TCP

IMAP4-QA

Quality Assurance Internet Message Access Protocol

143

TCP

IPMONITOR

ipMonitor

80, 443

TCP

IRC

Internet Relay Chat

6667

TCP

KERBEROS 5

Kerberos 5

88

UDP

LDAP

Lightweight Directory Access Protocol

389

UDP

LINK-QA

Quality Assurance Link

80

TCP

LOTUS NOTES

Lotus NotesTM Transport

1352

TCP

MAPI-QA

Microsoft Messaging Application Program Interface

n/a

n/a

MEMORY USAGE

Physical Memory (RAM)

161

UDP

NETWORK SPEED

Speed or Bandwidth Monitor

19

TCP

NNTP

Network News Transfer Protocol

119

TCP

NTP

Network Time Protocol

123

UDP

PING

Packet InterNet Groper

n/a

ICMP

POP3

Post Office Protocol

110

TCP

POP3-QA

Quality Assurance Post Office Protocol

110

TCP

RADIUS

Remote Authentication Dial-In User Service protocol

1812

UDP

RWHOIS

Recursive WhoIs Information Server

4343

TCP

SERVICE

Windows NT Service Monitor

n/a

NT Specific

SMTP

Simple Mail Transfer Protocol

25

TCP

SNMP

Simple Network Management Protocol

161

TCP

SNMP-QA

Quality Assurance Simple Network Management Protocol

161

UDP

SNMP TRAP-QA

Simple Network Management Protocol Traps

162

UDP

SNPP

Simple Network Pager Protocol

444

TCP

SQL: ADO

Structured Query Language: ActiveX Data Objects

n/a

NT Specific

SQL: ADO-QA

Structured Query Language: ActiveX Data Objects

n/a

NT Specific

SQL SERVER

Structured Query Language Server

n/a

NT Specific

TELNET

Remote Terminal Protocol

23

TCP

TEMPERATURE

Temperature Levels

161

UDP

WHOIS

WhoIs Information Server

43

TCP

ipMonitor Traps

Any agent you configure to send Traps to ipMonitor must use this same IP Address and Port combination.

If the Windows SNMP Trap Service is enabled on the ipMonitor host computer, it is very likely to conflict with ipMonitor's SNMP Trap Listener. Both are bound by default to port 162.

The POP3 User Experience monitor delivers an email to the SMTP server on port 25 for the recipient address you specify. The monitor then logs in to the POP3 Mail Server on port 110 and retrieves the LIST of queued mail.

Kiwi CatTools

Kiwi CatTools uses the following ports.

Port Transport Layer Protocol Used For
22 TCP / UDP SSH Connecting to other devices
23 TCP Telnet Connecting to other devices
25 UDP SMTP Sending out emails
514 UDP Syslog Sending syslog messages
161 UDP SNMP Sending SNMP messages

Kiwi Syslog Server

Port Protocol Used for
514 (default), plus one Ephemeral port UDP Incoming UDP messages
1468 (default) TCP Incoming TCP messages

162 (default) for IPv4

163 (default) for IPv6

UDP

Incoming SNMP traps

6514 (default) TCP Incoming secure TCP messages
3300, plus one Ephemeral port TCP Internal communication between the Syslog service and Syslog Manager
8088 (default) TCP Kiwi Syslog Web Access

Log & Event Manager (LEM)

Port #ProtocolServiceDirectionDescription
22, 32022TCPSSHBidirectional

SSH traffic to the SolarWinds LEM VM. (Port 22 is not used prior to version 6.3.x.)

If you need to close either ports 22 or 32022, contact SolarWinds Support.

25TCPSMTPOutboundSMTP traffic from the SolarWinds LEM VM to your email server for automated email notifications.
80, 8080TCPHTTPBidirectionalNon-secure HTTP traffic from the SolarWinds LEM console to the SolarWinds LEM VM. (LEM closes this port when activation completes, but you can re-open it with the CMC togglehttp command.)
139, 445TCPNetBIOS, SMBBidirectional

Standard Windows file sharing ports (NetBIOS Session Service, Microsoft SMB) that LEM uses to export debug files, syslog messages, and backup files.

The LEM Remote Agent Installer also uses these ports to install Agents on Microsoft Windows hosts across your network.

161, 162TCPSNMPBidirectionalSNMP trap traffic received from devices, and used by the Orion platform to monitor LEM. (Monitoring LEM on port 161 is not used prior to version 6.3.x.)
389, 636TCP LDAPOutbound

LDAP ports that the LEM Directory Service Connector tool uses to communicate with a designated Active Directory domain controller.

The LEM Directory Service Connector tool uses port 636 for SSL communications to a designated Active Directory domain controller.

443, 8443TCPHTTPSBidirectional

HTTPS traffic from the SolarWinds LEM console to the LEM VM.

LEM uses these secure HTTP ports after LEM is activated.

(445)TCPSee entry for port 139.
514TCP or UDPSyslogInboundSyslog traffic from devices sending syslog event messages to the SolarWinds LEM VM.
(636)TCPSee entry for port 389.
2100UDPNetFlowInboundNetFlow traffic from devices sending NetFlow to the SolarWinds LEM VM.
6343UDPsFlowInboundsFlow traffic from devices sending sFlow to the SolarWinds LEM VM.
(8080)TCPSee entry for port 80.
(8443)TCPSee entry for port 443.
8983TCPnDepthInboundnDepth traffic sent from nDepth to the LEM VM containing raw (original) log data.
9001TCPLEM reports applicationBidirectionalLEM reports application traffic used to gather LEM teports data on the LEM VM.
(32022)TCPSee entry for port 22.
37890-37892TCPLEM AgentsInboundLEM Agent traffic sent from SolarWinds LEM Agents to the SolarWinds LEM VM. (These ports correspond to the destination ports on the LEM VM.)
1024 –65535TCPLEM AgentsOutbound

The LEM Manager uses ephemeral ports to send return traffic from the LEM Manager to the LEM Agents. Operating systems have different ephemeral port ranges. When LEM requests an available port, the OS running the LEM Agent selects an available port number from a predefined range.

For information about OS-specific ephemeral port number ranges, see Ephemeral Source Port Selection Strategies. (© 2017 Team Cymru, available at https://www.cymru.com/, obtained on October 9, 2017.)

LEM no longer uses the port listed in the following table.

Port # Protocol Service Direction Description
5433 TCP LEM Reports Inbound Port 5433 is no longer used. Previously, this port carried traffic from the SolarWinds LEM reports application to the SolarWinds LEM VM. This was used by versions prior to LEM 5.6, for which support ended December 2015.

Log Analyzer

  • Ports 4369, 25672, and 5672 are opened by default on the main server for RabbitMQ messaging. These ports can be blocked by the firewall. When running SolarWinds High Availability, ensure ports 4369 and 25672 are open.
  • RPC ports > 1024 (TCP, bidirectional) is used by the Job Engine v2 process to communicate with Windows nodes.

PortPro-
tocol
Service/
Process
DirectionDescriptionEncrypt- ion
user-defined, default: 22SSH

SolarWinds Job Engine v2

IIS

Outbound from the Orion server to the devicePort for accessing ASA devices through CLIDevice-based

25

TCP

SolarWinds Alerting Service V2Outbound

SMTP port for non-encrypted messages

n/a
53UDPSolarWinds Job Engine v2Bi-
directional
Resolving DNS queriesn/a

80

TCP

IISInbound

Default additional web server port. If you specify any port other than 80, you must include that port in the URL used to access the web console. For example, if you specify an IP address of 192.168.0.3 and port 8080, the URL used to access the web console is
http://192.168.0.3:8080. Open the port to enable communication from your computers to the Orion Web Console.

The port might also be used for Cisco UCS monitoring.

n/a
135TCPMicrosoft EPMAP (DCE/RPC Locator service)Bi-
directional
Required for devices polled via WMI. Used to initiate communication with the remotely managed host. 

161

UDP

SolarWinds Job Engine v2

SolarWinds Cortex

Bi-
directional

Send and receive SNMP
information

SNMP v1 and v2 are unencrypted. SNMP v3 uses AES and 3DES encryption.

162

UDP

SolarWinds Trap Service

SNMP Informs

Inbound

Receive trap messages

n/a

443

TCP

IISInbound

Default port for https binding.

SSL

465

TCP

SolarWinds Alerting Service V2Outbound

SMTP port used to send TLS-enabled email alert actions

SSL

514

UDP

SolarWinds Syslog ServiceInbound

Receive syslog messages

n/a

587

TCP

SolarWinds Alerting Service V2Outbound

SMTP port used to send TLS-enabled email alert actions

TLS

1433

TCP

SolarWinds Alerting Service V2

SolarWinds Administration Service

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Orion Module Engine

Outbound

Communication between the Orion server and the SQL Server.

n/a

1434

UDP

SolarWinds Alerting Service V2

SolarWinds Administration Service

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Orion Module Engine

SQL Server Browse Service

Outbound

Communication with the SQL Server Browser Service to determine how to communicate with certain non-standard SQL Server installations. Required only if your SQL Server is configured to use dynamic ports.

n/a

1801

TCP

MSMQBidirectional

MSMQ WCF binding

WCF

5671

TCP

RabbitMQ

Bi-
directional

For encrypted RabbitMQ messaging (AMQP/TLS) into the main polling engine from all Orion servers (additional polling engines, HA servers, or additional web servers).

Sending messages to RabbitMQ.

TLS 1.2

17777

TCP

SolarWinds Orion Module Engine

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Cortex

Bi-
directional

Communication between services and SolarWinds Orion module traffic.

Communication between the Orion Web Console and the polling engines.

Communication between the main server and pool members.

RSA handshake, AES 256 communication using WCF

TLS 1.2 with Cortex

17778

HTTPS

SolarWinds AgentInbound to the Orion server

Required for access to the SWIS API and agent communication

SSL

See SolarWinds Port requirements for a comprehensive list of port requirements for SolarWinds products.

Optional, individual components, such as Orion agents and High Availability, have additional port requirements.

When LA is installed, the legacy SolarWinds Syslog Service and SolarWinds Trap Service are replaced by SolarWinds Log Analyzer for Orion Syslog Service and SolarWinds Log Analyzer for Orion Trap Service, but the port requirements remain the same.

Netflow Traffic Analyzer (NTA)

The following table lists ports that SolarWinds NetFlow Traffic Analyzer uses to communicate with other devices and servers.

Port Protocol Service/Process Direction Description
80 TCP World Wide Web Publishing Service Bidirectional Port used for web console and any other web servers.
137 UDP NetBIOS Outbound

Port for outbound traffic if NetBIOS name resolution is turned on.

When NTA is trying to resolve the NetBIOS names of servers in their conversations, you may find a large amount of outbound UDP 137 traffic from the NTA collector to a number of external addresses. You can confirm the traffic by using the Flow Navigator to match the outbound connections to existing conversations.

This is normal behavior when NetBIOS is enabled. An easy way to demonstrate the behavior is to disable NetBIOS in NTA and watch all outbound connections terminate.

161

UDP

TCP

SolarWinds Job Engine v2 Outbound Port used for sending and receiving SNMP information, including polling CBQoS-enabled devices.
1433 TCP

SolarWinds NetFlow Service

SolarWinds NetFlow Storage Service

Outbound Port used for communication between the NetFlow Service or NTA Flow Storage Database and the existing SQL server.

1434

UDP

SolarWinds NetFlow Service

SolarWinds NetFlow Storage Service

SQL Browse Service

Outbound The port used for communication between the NetFlow Service or NTA Flow Storage Database and the Orion database. This port is required only if your SQL Server is configured to use dynamic ports.
2055 UDP SolarWinds NetFlow Service Inbound Port for receiving flows on any SolarWinds NTA collector.
5671 TCP RabbitMQ Bidirectional Rabbit MQ messaging.
17777 TCP SolarWinds Information Service Bidirectional

Port for sending and receiving traffic between SolarWinds NPM and other Orion Modules.

Port used for communication between remote Flow Storage Database and NTA Main Poller.

17778 HTTPS and TCP SolarWinds Information Service Bidirectional Open to access the SolarWinds Information Service API and agent communication.
17791 TCP SolarWinds Agent Bidirectional Open for agent communication on any SolarWinds Orion server running Windows Server 2008 R2 SP1.
Device-specific Any port required by a specific device.

Network Atlas

PORT

PROTOCOL

Service/Process Direction

DESCRIPTION

17777 TCP SolarWinds Information Service Bidirectional Remote instances of Network Atlas require TCP on port 17777 to either the SolarWinds NPM or the SolarWinds EOC server.

Network Configuration Manager (NCM)

The following ports might be needed for the Orion Web Console, depending on how SolarWinds NCM is set up to download and upload configurations:

Port Protocol Service/Process Direction Description
22 SSH/SCP

SCP server

Bidirectional

SSH/SCP default port for NCM to transfer configs

23 Telnet

NCM Business Layer Plugin, NCM Jobs (collector)

Outbound Telnet default port for NCM to transfer configs
25 TCP SolarWinds Alerting Service V2 Outbound SMTP email default that NCM uses for notification (If SSL/TLS encryption is set up on SMTP server, default port is 465)
69 UDP TFTP Server Inbound TFTP server listens on this port
80 TCP IIS Inbound HTTP default for the Orion Web Console
137 UDP File and Printer Sharing (NB-Name-In) Bidirectional Used to store firmware updates and configuration files remotely
138 UDP File and Printer Sharing (NB-Datagram-In) Bidirectional Used to store firmware updates and configuration files remotely
139 TCP File and Printer Sharing (NB-Session-In) Bidirectional Used to store firmware updates and configuration files remotely
161 UDP SolarWinds Job Engine v2 Outbound SNMP statistics collection, the default for polling in NCM
162 UDP SolarWinds Trap Service Inbound Trap messages listened for and received by the Trap Server
443 TCP IIS Inbound Default port for HTTPS binding
445 TCP File and Printer Sharing (SMB-In) Bidirectional Used to store firmware updates and configuration files remotely
465 TCP SolarWinds Alerting Service V2 Outbound The port used for SSL-enabled email alert actions
514 UDP SolarWinds Syslog Service Inbound Syslog Service listens for incoming messages
587 TCP SolarWinds Alerting Service V2 Outbound The port used for TLS-enabled email alert actions
1801 TCP MSMQ Bidirectional

MSMQ WCF binding (For more information see this article from Microsoft)

5671 TCP RabbitMQ Bidirectional For encrypted RabbitMQ messaging (AMQP/TLS) into the main polling engine from all Orion servers
17777 TCP

SolarWinds Orion Module Engine

SolarWinds Information Service

SolarWinds Information Service V3

Bidirectional Orion module traffic. Open the port to enable communication from your poller to the Orion Web Console, and from the Orion Web Console to your poller. The port used for communication between the Orion Web Console and the poller.
17778 HTTPS SolarWinds Agent Inbound to the Orion server Required for access to the SWIS API and agent communication
17779 HTTP SolarWinds Toolset Inbound to the Orion server SolarWinds Toolset Integration over HTTP

Ports 4369, 5672, and 25672 are opened by default. These ports can be blocked by the firewall.

Network Performance Monitor (NPM)

  • Ports 4369, 25672, and 5672 are opened by default on the main server for RabbitMQ messaging. These ports can be blocked by the firewall. When running SolarWinds High Availability, ensure ports 4369 and 25672 are open.
  • RPC ports > 1024 (TCP, bidirectional) is used by the Job Engine v2 process to communicate with Windows nodes.

Port Pro-
tocol
Service/
Process
Direction Description Encrypt- ion
user-defined, default: 22 SSH

SolarWinds Job Engine v2

IIS

Outbound from the Orion server to the device Port for accessing ASA devices through CLI Device-based

25

TCP

SolarWinds Alerting Service V2 Outbound

SMTP port for non-encrypted messages

n/a
53 UDP SolarWinds Job Engine v2 Bi-
directional
Resolving DNS queries n/a

80

TCP

IIS Inbound

Default additional web server port. If you specify any port other than 80, you must include that port in the URL used to access the web console. For example, if you specify an IP address of 192.168.0.3 and port 8080, the URL used to access the web console is
http://192.168.0.3:8080. Open the port to enable communication from your computers to the Orion Web Console.

The port might also be used for Cisco UCS monitoring.

n/a
135 TCP Microsoft EPMAP (DCE/RPC Locator service) Bi-
directional
Required for devices polled via WMI. Used to initiate communication with the remotely managed host.  

161

UDP

SolarWinds Job Engine v2

SolarWinds Cortex

Bi-
directional

Send and receive SNMP
information

SNMP v1 and v2 are unencrypted. SNMP v3 uses AES and 3DES encryption.

162

UDP

SolarWinds Trap Service

SNMP Informs

Inbound

Receive trap messages

n/a

443

TCP

IIS Inbound

Default port for https binding.

SSL

465

TCP

SolarWinds Alerting Service V2 Outbound

SMTP port used to send TLS-enabled email alert actions

SSL

514

UDP

SolarWinds Syslog Service Inbound

Receive syslog messages

n/a

587

TCP

SolarWinds Alerting Service V2 Outbound

SMTP port used to send TLS-enabled email alert actions

TLS

1433

TCP

SolarWinds Alerting Service V2

SolarWinds Administration Service

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Orion Module Engine

Outbound

Communication between the Orion server and the SQL Server.

n/a

1434

UDP

SolarWinds Alerting Service V2

SolarWinds Administration Service

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Orion Module Engine

SQL Server Browse Service

Outbound

Communication with the SQL Server Browser Service to determine how to communicate with certain non-standard SQL Server installations. Required only if your SQL Server is configured to use dynamic ports.

n/a

1801

TCP

MSMQ Bidirectional

MSMQ WCF binding

WCF

5671

TCP

RabbitMQ

Bi-
directional

For encrypted RabbitMQ messaging (AMQP/TLS) into the main polling engine from all Orion servers (additional polling engines, HA servers, or additional web servers).

Sending messages to RabbitMQ.

TLS 1.2

17777

TCP

SolarWinds Orion Module Engine

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Cortex

Bi-
directional

Communication between services and SolarWinds Orion module traffic.

Communication between the Orion Web Console and the polling engines.

Communication between the main server and pool members.

RSA handshake, AES 256 communication using WCF

TLS 1.2 with Cortex

17778

HTTPS

SolarWinds Agent Inbound to the Orion server

Required for access to the SWIS API and agent communication

SSL

See SolarWinds Port requirements for a comprehensive list of port requirements for SolarWinds products.

Optional, individual components, such as Orion agents and High Availability, have additional port requirements.

NetPath™

Open the following ports on your firewall for network connectivity used by NetPath™.

You may also need to open the following ports:

  • NPM ports for communication between polling engines.
  • Agent ports when deploying probes on remote machines using agents.
Port Proto-
col
Service or Process Direction Source Destination Description

11

(ICMP Time Exceeded)

ICMP SolarWinds Agent or JobEngine-Worker In-coming Networking devices along your path NetPath probe Used by the NetPath probe to discover network paths.
User configured TCP SolarWinds Agent or JobEngine-Worker Out-going NetPath probe Endpoint service

Any ports of the monitored services that are assigned to the probe.

Used by the NetPath probe to discover service status.

43

443

TCP

SolarWinds-Business-LayerHost

(Main server only)

Out-going Main polling engine

BGP data providers and announcements, such as:

http://whois.arin.net/ui/
https://stat.ripe.net/
Used by NetPath to query BGP information about the discovered IP addresses.

Network Topology Mapper (NTM)

PORT PROTOCOL SERVICE OR PROCESS DIRECTION DESCRIPTION
161 UDP SolarWinds Network Topology Job Scheduler Bidirectional Port used for SNMP statistics collection.
443 TCP SolarWinds Network Topology Job Scheduler Bidirectional

Port used to communicate with VMware Virtual Center or ESX server.

17778 HTTPS SolarWinds Network Topology Job Scheduler Outbound Port used to access the SolarWinds Information Service (SWIS) API for exporting maps from a scheduled discovery to Network Atlas.
1024 and 65535 TCP/UDP SolarWinds Network Topology Job Scheduler Bidirectional WMI communications use a port between 1024 and 65535. See Microsoft Windows specifications.
Create firewall exceptions to allow TCP/UDP traffic on ports 1024 - 65535 to enable mapping monitored objects that use WMI.

Orion Agents

Target computer

Port Protocol Service/
Process
Direction Communication
method
OS Description
22 TCP

sshd

Agent installer

Inbound

Either Linux/Unix

Used to install the agent on Linux/Unix computers through SSH and SFTP or SCP.

135
TCP

Agent installer

Inbound

Either Windows

(DCE/RPC Locator service) Microsoft EPMAP. This port must be open on the target computer for remote deployment.

WMI is only needed for deploying the agent to a Windows server with the Add Node or Add Agent wizard. If you do not want to open WMI ports required for software deployment, you can use another deployment method for the Agent.

WMI also uses any random TCP port greater than 1024. See WMI portocalypse on THWACK.

445
TCP Agent installer

Inbound

Either Windows

Microsoft-DS SMB file sharing. This port must be open on the target computer (inbound) for remote deployment.

17778
TCP

SolarWinds Agent

Outbound

Agent-initiated

All

Used continuously by the agent to communicate back to the Orion server. Also used to deploy the agent.

17790

TCP

SolarWinds Agent

Inbound

Server-initiated All Used to communicate with the Orion server.

Orion Server

Port Protocol Service/
Process
Direction Communication
method
OS Description
22 TCP

sshd

Agent installer

Inbound

Either Linux/Unix

Used to install the agent on Linux/Unix computers through SSH and SFTP or SCP.

135
TCP

Agent installer

Inbound

Either Windows

(DCE/RPC Locator service) Microsoft EPMAP. This port must be open on the target computer for remote deployment.

WMI is only needed for deploying the agent to a Windows server with the Add Node or Add Agent wizard. If you do not want to open WMI ports required for software deployment, you can use another deployment method for the Agent.

WMI also uses any random TCP port greater than 1024. See WMI portocalypse on THWACK.

445
TCP Agent installer

Inbound

Either Windows

Microsoft-DS SMB file sharing. This port must be open on the target computer (inbound) for remote deployment.

17778
TCP

SolarWinds Agent

Outbound

Agent-initiated

All

Used continuously by the agent to communicate back to the Orion server. Also used to deploy the agent.

17790

TCP

SolarWinds Agent

Inbound

Server-initiated All Used to communicate with the Orion server.

Patch Manager

Port Type Direction Description
135 TCP Bidirectional (RPC Endpoint Mapper) The Patch Manager server uses this port to establish WMI connections to remote computers. It also uses this port to connect to the Service Control Manager (SCM) when it provisions the WMI providers dynamically on the remote computer.
389 TCP Bidirectional (Lightweight Directory Access Protocol) Patch Manager servers use this port for Active Directory authentication.
445 TCP Bidirectional (SMB over TCP) The Patch Manager server uses this port when it provisions the WMI providers to a remote computer.
4092 TCP Bidirectional

(Console-to-Server Communication) The Patch Manager console uses this port to communicate to an independent Patch Manager application server. This is a one-way communication channel that only requires inbound TCP traffic on the application server.

In a distributed environment, Patch Manager servers use this port in the same manner for "downstream" communication. For example, the Patch Manager Primary Application Server (PAS) uses port 4092 to communicate with remote Patch Manager servers in secondary server roles.

This port must be opened for agent communications.

8787 TCP Outbound (Web Console Connections) By default, users connect to the Patch Manager web console server on port 8787.
17777 TCP Bidirectional (SolarWinds Information Service) The SolarWinds Information Service (SWIS) facilities data exchange for the Patch Manager Web Console, along with the web console Application Programing Interface (API). Ensure this port is not blocked on servers running the Patch Manager Web Console server.
1024-65536 Dynamic Ports Bidirectional (DCOM or RPC) Windows Management Instrumentation (WMI) technology is based on Distributed Component Object Model (DCOM)/RPC communication. DCOM/RPC allocates the ports used by the server within a dynamic port range. This range is typically between 1024 and 65536. To configure these ports using Windows Firewall on your managed computers, enable the Inbound Rules in the Windows Management Instrumentation (WMI) group.

Server & Application Monitor (SAM)

Review and open ports for SAM to support communication for the Orion server, the main polling engine, Additional Polling Engines (APEs), and Additional Web Servers (AWS). These ports include feature specific requirements including Orion agents, SolarWinds High Availability (HA), and component monitors and templates.

  • Ports 4369, 25672, and 5671 are opened by default on the main server for RabbitMQ messaging. These ports can be blocked by the firewall. If using High Availability, make sure port 4369 is open.
  • The Job Engine v2 process uses RPC ports > 1024 (TCP, bidirectional) to communicate with network devices.
  • If your devices do not use the default syslog port to send messages, you must also modify the Orion server to listen to that port.
Port Protocol Service/
Process
Direction Description Encryption
User-defined, default: 22 SSH

SolarWinds Job Engine v2

IIS

Outbound from the Orion server to the device Access ASA devices through the CLI Device-based

25

TCP

SolarWinds Alerting Service V2 Outbound

SMTP port for non-encrypted messages

n/a
53 UDP SolarWinds Job Engine v2 Bidirectional Resolve DNS queries n/a

80

TCP

IIS Inbound

Default additional web server port. If you specify any port other than 80, you must include that port in the URL used to access the Orion Web Console. For example, if you specify an IP address of 192.168.0.3 and port 8080, the URL used to access the Orion Web Console is http://192.168.0.3:8080.

Open the port to enable communication from your computers to the Orion Web Console.

The port might also be used for Cisco UCS monitoring.

n/a
135 TCP Microsoft EPMAP (DCE/RPC Locator service) Bidirectional

WMI uses TCP Port 135 to initiate communication with the remotely managed host, then switches to any random high port anywhere between TCP ports 1024 — 65535. Click here for details.

 

161

UDP

SolarWinds Job Engine v2

SolarWinds Cortex service

Bidirectional

Send and receive SNMP information

SNMP v1 and v2 are unencrypted. SNMP v3 uses AES & 3DES encryption.

162

UDP

SolarWinds Trap service

SNMP Informs

Inbound

Receive trap messages

n/a

443

TCP

IIS Bidirectional

Default port for https binding. Also used for bidirectional ESX/ESXi server polling and Cisco UCS device monitoring.

SSL

465

TCP

SolarWinds Alerting Service V2 Outbound

SMTP port used to send TLS-enabled email alert actions

SSL

514

UDP

SolarWinds Syslog Service Bidirectional

Receive syslog messages

n/a

587

TCP

SolarWinds Alerting Service V2 Outbound

SMTP port used to send TLS-enabled email alert actions

TLS

1433

TCP

SolarWinds Administration Service

SolarWinds Alerting Service V2

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Orion Module Engine

Outbound

Communication between the Orion server and the Orion database server.

n/a

1434

UDP

SolarWinds Administration Service

SolarWinds Alerting Service V2

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Orion Module Engine

SQL Server Browse Service

Bidirectional

Communication with the SQL Server Browser Service to determine how to handle certain non-standard SQL Server installations.

Required only if your Orion database server is configured to use dynamic ports.

n/a

1801

TCP

MSMQ Bidirectional

MSMQ WCF binding with WCF encryption.

WCF

5671

TCP

RabbitMQ

Bidirectional

For RabbitMQ messaging (AMQP/TLS) between the main polling engine and all Additional Polling Engines, High Availability servers, or Additional Web Servers.

TLS 1.2

17777

TCP

SolarWinds Cortex (communication)

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Orion Module Engine

Bidirectional

Communication between services and SolarWinds Orion module traffic.

Communication between the Orion Web Console, the main polling engine, and all scalability engines.

Communication between the main server and pool members.

RSA handshake, AES 256 communication using WCF

TLS 1.2 with SolarWinds Cortex

17778

HTTPS

SolarWinds Agent Bidirectional

Required to access the SWIS API and agent communication. Also used for outbound communication with container orchestrators.

SSL
17799 HTTPS Container service monitoring Bidirectional Communication with container orchestrator machines in SAM and VMAN.  

SAM component monitor ports requirements

Component/
Monitor

Port

Type

Description

DHCP User Experience Monitor

67

UDP

Used for DHCP requests.

DHCP User Experience Monitor

68

UDP

Used for the DHCP responses.

Directory Size Monitor

See SAM WMI requirements below.

DNS Monitor

DNS User Experience Monitor

53

TCP/UDP

Used for DNS queries.

Download Speed Monitor

19

Used for the character generator service.

ESX Hardware Monitoring 5989   Used to collect vCenter data via API.

File Age Monitor

File Change Monitor

File Existence Monitor

File Size Monitor

File Count Monitor

445

TCP/UDP

See SAM WMI requirements and Poll devices with SolarWinds Orion agents.

FTP Monitor

FTP User Experience Monitor

21

Used for FTP sessions

HTTP Form Login Monitor

HTTP Monitor

TCP Port Monitor

80

Used for HTTP form-based login sessions.

HTTPS Monitor

443

Used to test a web server's ability to accept incoming sessions over a secure channel and then transmit the requested page.

IMAP4 Monitor 143 (default) IMAP4 Used for IMAP 4 sessions.
585 IMAP4 Used for Secure IMAP (IMAP4-SSL) sessions.
993 IMAP4 Used for IMAP4 over SSL (IMAPS) sessions.
IMAP4 User Experience Monitor 25 SMTP Used to communicate with a Microsoft Exchange mail server.
143 IMAP4
993 IMAP4

LDAP User Experience Monitor

389

Used for LDAP connections.

636

For LDAP over SSL, use port 636.

Linux/Unix Script Monitor Ports

22

Used for SSH connections.

NNTP Monitor

119

UDP

This field is the port number used for NNTP connections.

ODBC User Experience Monitor

1630

TCP

To configure ODBC when polling with Orion Agent for Linux, see Linux/Unix system configurations for component monitors.

Oracle User Experience Monitor

1521

TCP

The Oracle SQL*Net Listener allows Oracle client connections to the database over Oracle's SQL*Net protocol. You can configure it during installation. To reconfigure this port, use Net Configuration Assistant.

1526

Performance Counter Monitor

See Description

TCP

This monitor uses RPC, requiring the following ports:

  • TCP/135
  • RPC/named pipes (NP) TCP 139
  • RPC/NP TCP 445
  • RPC/NP UDP 137
  • RPC/NP UDP 138

POP3 Monitor

See Description

This monitor uses the following ports to communication with Microsoft Exchange mail servers.

  • 102 X.400 MTA
  • 110 POP3
  • 119 NNTP
  • 143 IMAP4
  • 389 LDAP
  • 563 POP3 over SSL
  • 636 LDAP over SSL
  • 993 IMAP4 over SSL
  • 995 Secure POP3 over SSL

POP3 Monitor

POP3 User Experience Monitor

110 (default)

Used for POP3 connections.

995

Used for secure POP3 (SSL-POP) connections.

25

SMTP

Used for SMTP sessions.

Process Monitor

SNMP

Uses SNMP communication.

Process Monitor - Windows

Uses WMI or RPC communication to test if a specified Windows process is running and reports statistics about all instances of the process.

RADIUS User Experience Monitor

1812

1645

Used to authenticate RADIUS protocols, along with port 1813. Cisco devices may require port 1645 or 1646.

RWHOIS Port Monitor

4321

Used to test the ability of a Referral Whois (RWhois) server to accept incoming sessions.

SMTP Monitor

465

SMTP

Used for Secure SMTP (SSMTP).

SNMP Monitor 444 SNMP Used to test the ability of an SNMP server to accept incoming sessions.

SQL Server User Experience Monitor

1433

This component monitor only works if MS SQL Server uses the default port, 1433. If MS SQL Server uses a non-standard port, use the ODBC User Experience monitor instead to manually define a connection string for the port.

TACACS+User Experience Monitor

49

Used for TACACS+ protocol connections.

Tomcat Server Monitor

8080

Used to retrieve status information from the Apache Tomcat status website.

VMware Performance Counter Monitor

443

Used to communicate with the VMware API.

Windows Event Log Monitor

This component monitor uses the following ports:

  • TCP/135
  • RPC/named pipes (NP) TCP 139
  • RPC/NP TCP 445
  • RPC/NP UDP 137
  • RPC/NP UDP 138
  • POP3 User Experience Monitor port 110

SAM template port requirements

Several SAM application monitoring templates have port requirements. See the SAM Template Reference to learn more about default ports used by individual templates.

SAM WMI Requirements

Microsoft Windows uses a random port between 1024 and 65535 for WMI communications, by default, so you must create firewall exceptions to allow bidirectional TCP/UDP traffic on those ports to support SAM templates and component monitors that use WMI.

Click here to learn more about WMI in the SolarWinds online IT community, THWACK.

The following component monitors use WMI:

  • Performance Counter Monitor
  • Process Monitor – WMI (if script uses WMI access)
  • Windows Event Log Monitor
  • Windows PowerShell Monitor (if script uses WMI access)
  • Windows Script Monitor
  • Windows Service Monitor (if script uses WMI access)

The following templates use WMI:

  • Active Directory 2003-2008 Services and Counters
  • Active Directory 2008 R2-2012 Services and Counters
  • Active Directory 2016 Domain Controller Security
  • Active Directory 2016 Services and Counters
  • APC PowerChute Agent (Windows)
  • Blackberry Enterprise Server
  • Citrix XenApp 5.0 Core WMI Counters
  • Citrix XenApp 5.0 ICA Session WMI Counters
  • Citrix XenApp 5.0 Presentation Server WMI Counters
  • Citrix XenApp 5.0 Services
  • Citrix XenApp 6.0 Core Counters
  • Citrix XenApp 6.0 ICA Session
  • Citrix XenApp 6.0 Services
  • Citrix XenApp and Xen Desktop 7.x (Advanced)
  • Citrix XenApp and Xen Desktop 7.x (Events)
  • Citrix XenApp and Xen Desktop 7.x (Performance Counters)
  • Citrix XenApp and Xen Desktop 7.x (Services)
  • Directory Size
  • Errors in Application Event Log
  • Exchange 2007 templates (all)
  • Exchange 2007-2010 templates (all)
  • Exchange 2010 templates (all)
  • Exchange 2013 templates (all)
  • Exchange 2016 templates (all)
  • Exchange Active Sync Connectivity
  • Exchange Server 2000 and 2003
  • Internet Information Services (IIS) 6
  • Internet Information Services (IIS) 10
  • Kaspersky Security Center Antivirus
  • Kiwi Syslog Server
  • Microsoft DirectAccess templates (all)
  • Microsoft Dynamics templates (all)
  • Microsoft Forefront Endpoint Protection templates (all)
  • Microsoft IIS SMTP Server
  • Microsoft Lync Server templates (all)
  • Microsoft Message Queuing templates (all)
  • Microsoft Network Policy Server templates (all)
  • Microsoft Office 365 templates (all)
  • Microsoft Routing and Remote Access templates (all)
  • Microsoft SharePoint templates (all)
  • Microsoft Skype templates (all)
  • Microsoft SQL Server templates (all)
  • Microsoft Windows Internet Name Service (WINS) templates (all)
  • Microsoft Windows Server templates (all)
  • Orion Server 2017.3
  • SQL Server 2005 Database
  • SQL Server 2008 Database
  • Symantec Backup Exec Remote Agent
  • Symantec Backup Exec Server
  • Symantec Endpoint Protection Server
  • Symantec NetBackup Client
  • Trend Micro OfficeScan Client
  • Trend Micro OfficeScan Server
  • Windows DHCP Server
  • Windows DNS Server
  • Windows Network Load Balancing
  • Windows Print Services
  • Windows Remote Desktop Services (Session Host Role)
  • Windows Server 2003-2008
  • Windows Service monitor

Storage Manager (STM)

Port

Type

Description

22

TCP

Used on the control system for EMC Celerra Storage Devices.

80

TCP

Used on the NetApp head/cluster node and any available CIFS/NFS.

161

UDP

Used for polling of Fiber Channel Switches: Cisco MDS, Brocade, McData, and QLogic Switches.

Used on the EqualLogic Group IP.

162

UDP

Agents use this port to notify Storage Manager Server when information is available to be retrieved from the agent.

If port 162 is in use by Orion NPM, then Storage Manager will use 10162 or 20162 when SNMP traps are sent to the Storage Manager Server.

443

TCP

Storage Manager uses this port to communicate with VMware Virtual Center or ESX server.

Used on the NetApp head/cluster node and any available CIFS/NFS.

1094

TCP

Used by MS SQL application module.

1433

TCP

Used by MS SQL application module.

1521

TCP

Used by Oracle application module.

2463

TCP

Used to set RPC sessions to the storage controller from the SMI-S provider for LSI and SUN StorageTek storage devices.

3306

TCP

Used by the Storage Manager Database.

4319

TCP

Handles the collection from Storage Manager Agents and also acts as a local data collector/agent. Storage Manager communicates with data collectors/agents.

5988

TCP

HTTP port used by SMI-S providers.

5989

TCP

HTTPS port used by SMI-S providers.

8443

TCP

HTTPS port used to communicate with the Storage Profiler Module

9000

TCP

Storage Manager Web Console

17778

TCP

Required for access to the SWIS API

43501

TCP

Java Management Extensions (JMX) if blocked can also use 43052, 43503, and 43504. Allows web server to obtain memory from STM services (collector,

event receiver, maintenance, and poller).

Storage Resource Monitor (SRM)

The following table shows the ports used by SRM:

Port Type Direction Description

25

TCP

Outbound

SSL/TLS for email alert actions should be enabled.

80 TCP Inbound

Default web port. If you specify any port other than 80, you must include that port in the URL used to access the Web Console. For example, if you specify an IP address of 192.168.0.3 and port 8080, the URL used to access the Web Console is http://192.168.0.3:8080. Open the port to enable communication from your computers to the Orion Web Console.

Used on the NetApp head/cluster node and any available CIFS/NFS.

Used by EMC VNX/Clariion for file side performance.

162 UDP Inbound SolarWinds Trap Service

443

TCP

Inbound

Default for HTTP binding

1433

TCP

Outbound

Used for communication between the SRM and the SQL Server.

1434

UDP

Outbound

Used for communication with the SQL Server Browser Service to determine how to communicate with certain non-standard SQL Server installations.

1801

TCP

Bidirectional

MSMQ WCF binding (for more information see this KB:http://support.microsoft.com/kb/183293).

17777

TCP

Bidirectional

Orion module traffic. Open the port to enable communication from your poller to the SRM Web Console, and from the SRM Web Console to your poller.

The port used for communication between the Orion Web Console and the poller.

17778

TCP

Bidirectional

(HTTPS) Required for access to the SWIS API.

17779

TCP

Inbound

(HTTP/HTTPS) SolarWinds Toolset integration.

The following condensed table shows the ports used by SRM for collecting data from the storage arrays:

Port Type Storage Array Direction Description
80 TCP

NetApp Filer (Direct Polling)

NetApp DFM clustered mode

EMC VNX XML API

EMC Unity

EMC XtremIO

Outbound

Alternate ONTAP API port for NetApp connections.

Alternate connection to NetApp On command for clustered mode management server.

Used by EMC VNX/Clariion for file side performance.

161 UDP

All Storage Arrays monitored via SNMP

Dell EqualLogic PS Series.

EMC Isilon

Outbound SNMP connections to the storage array.
443 TCP

NetApp ONTAP API

NetApp DFM clustered mode

EMC VNX XML API

EMC Unity

EMC XtremIO

InfiniDat InfiniBox

Outbound

Secure ONTAP API port for NetApp connections.

Secure connection to NetApp On command for clustered mode management server.

(HTTPS) Used on the NetApp head/cluster node and any available CIFS/NFS.

Used by EMC VNX/Clariion for file side performance.

5392 TCP Nimble Outbound
5988 TCP

All Storage Arrays monitored via SMI-S

Dell Compellent

Dell PowerVault MD 3xxx

Dot Hill AssuredSAN 4xxx/5xxx

EMC Symmetrix VMAX / VMAXe / DMX-4

EMC VMAX3 and VMAX All Flash Family (HYPERMAX OS)

EMC VNX / CLARiiON

EMC VNX NAS Gateway / Celerra

HDS (External Provider)

HDS (Onboard Provider)

HP 3PAR / StoreServ

HP P2xxx / MSA

HP StorageWorks XP (External Provider)

HP StorageWorks XP (Onboard Provider)

IBM DS 3xxx / 4xxx / 5xxx

IBM DS 8xxx

IBM FlashSystem A9000 / A9000R

IBM SVC V9000 / V7000 /V5000 / V3700

Outbound Alternate port on SMI-S provider (external or on onboard).
5989 TCP

All Storage Arrays monitored via SMI-S

Dell Compellent

Dell PowerVault MD 3xxx,

EMC Symmetrix VMAX / VMAXe / DMX-4

EMC VMAX3 and VMAX All Flash Family (HYPERMAX OS)

EMC VNX / CLARiiON

EMC VNX NAS Gateway / Celerra

HDS (External Provider)

HDS (Onboard Provider)

HP 3PAR / StoreServ

HP P2xxx / MSA

HP StorageWorks XP (External Provider)

HP StorageWorks XP (Onboard Provider)

IBM DS 3xxx / 4xxx / 5xxx

IBM DS 8xxx

IBM FlashSystem A9000 / A9000R

IBM SVC V9000 / V7000 / V5000 / V3700

Outbound Secure and preferred SMI-S port on SMI-S provider (external or on onboard).
8088 TCP NetApp DFM 7 mode Outbound

Alternate connection to the NetApp On command management servers for 7 mode arrays.

8488 TCP NetApp DFM 7 mode Outbound

Secure connection to the NetApp On command management servers for 7 mode arrays.

User Device Tracker (UDT)

Port

Type

Description

80

TCP

Used to access the website

161

UDP

Used for SNMP (polling) traffic

1433

TCP

Used to communicate with MS SQL

17777

TCP

Information Service Protocol

Virtualization Manager (VMAN)

Review the following port requirements for the VMAN appliance, the Orion server, Federated Collectors, virtual environments, and additional systems. These ports are required for data collection and management actions.

Features and components affecting the port requirements of the Virtualization Manager appliance include:

  • VMware data collection
  • Hyper-V data collection
  • Active Directory and LDAP authentication
  • Sending email notifications (in alerting and reporting)
  • Sending SNMP traps (in alerting)
  • Orion integration
  • Federated collectors

Port requirements of the master appliance

Port Protocol Service/
Process
Direction Description
22 TCP SSH

Inbound

SSH access to the virtual appliance

25 TCP Outbound Sends emails through SMTP
123 UDP NTP Outbound Uses the Network Time Protocol (NTP) service
162 UDP Outbound Sends SNMP traps
389 TCP, UDP Outbound Active Directory authentication
443 HTTPS Inbound HTTPS access to the VMAN user interface
443 or 80 TCP Inbound Performs auto-upgrade or version upgrade on federated collectors if federated collectors are configured
3268 TCP Outbound LDAP authentication and requests
5480 HTTPS Inbound HTTPS access to the Management Console
8983 Inbound Access from federated collectors to the master appliance during initial setup
17777 TCP SolarWinds Information Service Bidirectional The port used for communication from your polling engine to the Orion Web Console, and from the Orion Web Console to your polling engine.
17778 HTTPS and TCP SSL Outbound

Communicates with the SolarWinds Orion server and SolarWinds Information Service if the integration with Orion is enabled

If you use Virtualization Manager integrated with NPM or SAM in an environment with multiple polling engines and federated collectors, open TCP port 17778 from the primary collector to every polling engine that is used to poll virtualization data.

61616 TCP Inbound Active MQ master-collector communication

Port requirements of the federated collector

Port Protocol Service/
Process
Direction Description
22 TCP SSH

Inbound

SSH access to the federated collector

443 or 80 TCP Outbound Performing auto-upgrade or version upgrade
5480 HTTPS Inbound HTTPS access to the federated collector
8983 Access from federated collectors to the master appliance during initial setup

Port requirements for data collection

Configure the following outbound ports on the master or the collector for data collection.

Port Protocol Service/
Process
Direction Description
7

Outbound

Access to Hyper-V hosts that were added by using a fully qualified domain name

135 TCP Outbound WMI data collection from Hyper-V hosts or VMs
443 TCP Outbound Data collection from ESX hosts and vCenters
Dynamic RCP ports Outbound WMI communication. You can configure the available ports on the WMI target or policy.

VoIP & Network Quality Manager (VNQM)

Port #

Protocol Service / Process Direction Description
21 TCP SolarWinds Collector Service Bidirectional The port used for FTP (CDR/CMR download)
22 TCP SolarWinds Collector Service Bidirectional

The port used for SFTP (CDR/CMR download) and for

SSH for CLI (operation polling)

23

TCP SolarWinds Collector Service Bidirectional The port used for TELNET for CLI (operation polling)

80

TCP World Wide Web Publishing Service Bidirectional HTTP port

The port used by Additional Web Servers. If you change this setting, you must include the port in the URL used to access the Orion Web Console.

161 UDP SolarWinds Collector Service Outbound The default UDP port of NPM, used by SNMP.
443 TCP World Wide Web Publishing Service Bidirectional The port used for conducting secure SSL communications.
5005 UDP SolarWinds Collector Service Bidirectional

The port used for RTCP data (call metrics) listening from Avaya Call Manager.

5022 TCP SolarWinds Collector Service Bidirectional The port used for communication with Avaya Call Manager via CLI through SSH.
8443 HTTPS SolarWinds Orion Module Engine/Business Layer Plugin Outbound The port used for Cisco Call Manager AXL credentials troubleshooting.
17777 TCP SolarWinds Information Service Bidirectional

The port used for communication from your polling engine to the Orion Web Console, and from the Orion Web Console to your polling engine.

50000 TCP SolarWinds Collector Service Bidirectional The port used for CDR data (call records) listening from Avaya Call Manager.

Web Help Desk (WHD)

The following table provides a list of all of the ports needed for communication with SolarWinds Web Help Desk.

Port

Type

Description

25

TCP

Traffic from the SolarWinds Web Help Desk server to the email server for automated email notifications

80

TCP

HTTP communications with Microsoft Exchange Web Services (EWS)

110

TCP

Non Secure traffic with the POP3 mail server

135

TCP

Asset Discovery using Windows Management Instrumentation (WMI).

WMI calls uses port 135, and then selects a random port for further communication.

143

TCP

Non-secure traffic with the Internet Message Access Protocol (IMAP) mail server

389

TCP

Non-secure traffic from the Web Help Desk server to a designated server (usually a domain controller) for use with the Directory Service tool (LDAP, Active Directory)

443

TCP

Secure traffic with EWS

636

TCP

Secure traffic from the SolarWinds Web Help Desk server to a designated server (usually a domain controller) for use with the Directory Service tool (LDAP, AD)

993

TCP

Secure traffic with the IMAP mail server

995

TCP

Secure traffic with the POP3 mail server

1433

TCP

Communications with a Microsoft SQL external database, including:

  • Microsoft SQL Server
  • Microsoft Systems Management Server
  • Microsoft System Center Configuration Manager (SCCM)
  • SolarWinds Network Configuration Manager (NCM)
  • SolarWinds Network Performance Monitor (NCM)
  • SolarWinds Server and Application Monitor (SAM)

1521

TCP

Communicates with the Oracle Java Database Connectivity (JDBC) connector for asset discovery

3306

TCP

Communicates with the MySQL external database, LANrev, and Casper 8 and lower

4445

TCP

Remote log server reader

5432

TCP

Communications with an External PostgreSQL database

5433

TCP

Communications with Apple Remote 3.2 for asset discovery

7100

TCP

Communications with a Sybase database for asset discovery

8081

TCP

Non-secure traffic from the Web Help Desk Administrator Console

8443

TCP

(Default) Secure traffic from the SolarWinds Web Help Desk Console

17778

TCP

Communications from the SolarWinds Orion server (Orion integration only)

20293

TCP

Communications with an embedded PostgreSQL database

61616

TCP

Web Help Desk Discovery engine (JMS queue port)

Web Performance Monitor (WPM)

Review and open ports for WPM to support communication for the Orion server, the main polling engine, Additional Polling Engines (APEs), and Additional Web Servers (AWS). These ports include feature specific requirements including Orion agents and SolarWinds High Availability (HA).

  • Ports 4369, 25672, and 5672 are opened by default on the main server for RabbitMQ messaging. These ports can be blocked by the firewall. If using High Availability, make sure port 4369 is open.
  • The Job Engine v2 process uses RPC ports > 1024 (TCP, bidirectional) to communicate with network devices.
  • If your devices do not use the default syslog port to send messages, you must also modify the Orion server to listen to that port.
Port Protocol Service/
Process
Direction Description Encryption

user-defined, default: 22

SSH

SolarWinds Job Engine v2

IIS

Outbound from the Orion server to the device Access Cisco ASA devices through the CLI. Device-based

25

TCP

SolarWinds Alerting Service V2 Outbound

SMTP port for non-encrypted messages

n/a
53 UDP SolarWinds Job Engine v2 Outbound Resolve DNS queries n/a

80

TCP

IIS Inbound

Default Additional Web Server port. If you specify any port other than 80, you must include that port in the URL used to access the Orion Web Console. For example, if you specify 192.168.0.3 and port 8080, the URL used to access the Orion Web Console is http://192.168.0.3:8080. Open the port to enable communication from your computers to the Orion Web Console.

The port may also be used for Cisco UCS monitoring.

n/a
135 TCP

Microsoft EPMAP (DCE/RPC Locator service)

Bidirectional WMI uses TCP Port 135 to initiate communication with the remotely managed host, then switches to any random high port anywhere between TCP ports 1024 — 65535. Click here for details. n/a

161

UDP

SolarWinds Job Engine v2

SolarWinds Cortex

Outbound

Sending and receiving SNMP information.

SNMP v1 and v2 are unencrypted. SNMP v3 uses AES & 3DES encryption.

162

UDP

SolarWinds Trap Service Inbound

Receiving trap messages

n/a

443

TCP

IIS Inbound

Default port for https binding.

Also used for bi-directional ESX/ESXi server polling, or for Cisco UCS monitoring.

SSL

465

TCP

SolarWinds Alerting Service V2 Outbound

SMTP port used to send TLS-enabled email alert actions.

SSL

514

UDP

SolarWinds Syslog Service Inbound

Receiving syslog messages

n/a

587

TCP

SolarWinds Alerting Service V2 Outbound

SMTP port used to send TLS-enabled email alert actions.

TLS

1433

TCP

SolarWinds Alerting Service V2

SolarWinds Administration Service

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Orion Module Engine

Outbound

Used for communication from the Orion Server to the Orion database server.

n/a

1434

UDP

SolarWinds Alerting Service V2

SolarWinds Administration Service

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Orion Module Engine

Outbound

Used for communication with the SQL Server Browser Service to determine how to communicate with certain non-standard SQL Server installations.

n/a

1801

TCP

MSMQ Bidirectional

MSMQ WCF binding

WCF

5671

TCP

RabbitMQ Bidirectional

For encrypted RabbitMQ messaging (AMQP/TLS) into the main polling engine from all Orion servers.

TLS 1.2

17777

TCP

SolarWinds Orion Module Engine

SolarWinds Information Service

SolarWinds Information Service V3

SolarWinds Cortex (communication)

Bidirectional

Communication between services and SolarWinds Orion module traffic.

Communication between the Orion Web Console and the polling engines.

Communication between the main server and pool members.

RSA handshake, AES 256 communication using WCF

TLS 1.2 with Cortex

17778

HTTPS

SolarWinds Agent Inbound to the Orion server

Required for access to the SWIS API and agent communication.

SSL
17781 TCP WPM Playback Player Bidirectional The default port the WPM Player listens on. This port must be open between the Orion Server and the WPM Player for proper communications. n/a
17782 TCP WPM Playback Player Inbound Used for WPM Player-initiated communications mode. n/a
17783 RCP WPM Playback Player Bidirectional Used for automatic WPM Player updates n/a

WPM Recorder port requirements

In addition to WPM Recorders added to the Orion server when you install WPM, you can deploy WPM Recorders to other computers on machines other than the Orion server, such as a computer in a branch office.

In addition to WPM Recorder system requirements, note these TCP/IP port requirements:

  • 80 (TCP) open for http traffic
  • 443 (TCP) open for https traffic
  • 17777 (TCP) open for SolarWinds traffic

WPM Player port requirements

The WPM Player is a Windows service you can install on remote computers to simulate end user experiences with web applications by playing back recorded transactions.

In addition to WPM Player system requirements, note these TCP/IP port requirements:

  • 80 (TCP) open for http traffic
  • 135 (TCP) open for Microsoft EPMAP (DCE/RPC Locator service)
  • 443 (TCP) open for https traffic
  • 445 (TCP) open for Microsoft-DS SMB file sharing
  • 17777 (TCP) open for SolarWinds traffic
  • 17781 (TCP) open for server-initiated (passive) communication mode
  • 17782 (TCP) open for server-initiated (active) communication mode
  • 17783 (TCP), open for WPM Player automatic updates (bidirectional)