What communications ports are used by Certero?
Certero uses various ports for internal communication (e.g. Client Device to Certero server, Endpoint Server to Application Server) and for Network Discovery, Agent Deployment and Remote Inventory.
If there are firewalls or routers between the Certero server and network devices, they will need to allow traffic to flow on certain UDP and TCP ports. The table below lists which ports need to be opened.
Protocol | Port | From | To | Reason |
TCP | 22 (SSH)* | Endpoint Server | All Endpoint Networks | Network discovery services when discovering SNMP devices. Used for agent deployment or agentless inventory of Unix, Linux and Apple Mac. |
TCP | 22 (SSH) | Endpoint Server | IBM HMC | Communication between Endpoint server and IBM HMC about Physical Hosts, Virtual Machines and the relationships between them. |
UDP | 161 (SNMP) | Endpoint Server | All Endpoint Networks | Network discovery services when discovering SNMP enabled devices |
UDP | 137 (NetBIOS over TCP/IP) | Endpoint Server | All Endpoint Networks | Network Discovery Service to determine the target operating system of a Windows PC. |
TCP | 445 (SMB) | Endpoint Server | All Endpoint Networks | Network Discovery Service to determine the target operating system of a Windows PC. Used for Agent deployment or agentless inventory when connecting to administrative shares |
ICMP v4 | Ping | Endpoint Server | All Endpoint Networks | Windows remote inventory |
TCP | 139 (NetBIOS over TCP/IP) | Endpoint Server | All Endpoint Networks | Network Discovery Service to determine the target operating system of a Windows PC. |
TCP | 389 (LDAP) | Endpoint Server | Domain Controller(s) | Active Directory Connector which imports Users, Groups and Computers |
TCP | 636 (LDAPS) | Endpoint Server | Domain Controller(s) | Active Directory Connector which imports Users, Groups and Computers when using secure LDAP |
TCP | 3269 (LDAPS) | Endpoint Server | Domain Controller(s) | Active Directory Connector which imports Users, Groups and Computers when using secure LDAP against a Global Catalog Server |
ICMP | Ping | Endpoint Server | All Endpoint Networks | Network Discovery Service to assist in identifying other devices on the network that do not respond to NetBIOS or SNMP |
HTTPS | 443** | Endpoint Server | Application Server | Communication between Endpoint servers and Application Server to relay information between systems |
HTTPS | 443 | Endpoint Server | VMware vSphere or vCenter Server or individual ESX hosts | Communication between Endpoint server and VMware servers to extract information about Physical Hosts, Virtual Machines and the relationships between them. |
HTTP | 80 | Endpoint Server | XenServer Hosts | Communication between Endpoint server and XenServer servers to extract information about Physical Hosts, Virtual Machines and the relationships between them. |
TCP | 1521*** | Endpoint Server | Oracle Databases | Communication between the Endpoint Server and Oracle databases. The default port is 1521; however, this port may have been changed by the Oracle DBA |
HTTPS | 443 | Desktops, Laptops and Servers | Endpoint Server | Communication from Desktops, Laptops and Servers to the Endpoint Server to upload inventory information and query the server for actions |
HTTPS | 443 | Desktops, Laptops and Servers | Application Server | Communication from Desktops, Laptops and Servers to access the Certero application via a Web Browser |
TCP | 1433 **** | Application Server | Database Server | Communication between the Certero Application Server and the Database Server for access to the database |
TCP | 1434 | Application Server | Database Server | Communication between the Certero Application Server and the Database Server for the SQL Server Browser Service |
TCP | 1433 **** | Desktops, Laptops and Servers | Database Server | Required if SQL Server Management Studio or tools such as Microsoft Power BI are going to be used to directly access the Certero database for reporting purposes or for CMDB integration |
TCP | 3200 - 3299 | Endpoint Server | SAP Systems | Communication between the Endpoint Server and the SAP Systems. The default port is 1521; however, this port may have been changed by the Oracle DBA |
TCP | 50,000 ***** | Endpoint Server | IBM License Metric Tool (ILMT) on DB2 | Communication between the Certero Endpoint Server and the ILMT DB2 Database Server for IBM License Metric Tool Connector |
TCP | 1433 **** | Endpoint Server | IBM License Metric Tool (ILMT) on SQL | Communication between the Certero Endpoint Server and the ILMT SQL Database Server for IBM License Metric Tool Connector |
TCP | 50,000 ***** | Endpoint Server | IBM BigFix Inventory on DB2 | Communication between the Certero Endpoint Server and the IBM BigFix Inventory DB2 Database Server ITAM Data Connector |
TCP | 1433 **** | Endpoint Server | IBM License Metric Tool (ILMT) on SQL | Communication between the Certero Endpoint Server and SQL Database Server for the IBM BigFix Inventory ITAM Data Connector |
TCP | 1433 **** | Endpoint Server | Microsoft SCCM SQL Database Server | Communication between the Certero Endpoint Server and the SCCM SQL Database Server for SCCM ITAM Data Connector |
HTTPS | 443 | Certero Application Server | | Optional connection to enable the dynamic synchronisation between the Certero Provisioning server and the Certero Customer Centre. Used to download updates to Certero Platform and SRDB definitions. This can communicate via a Proxy Server |
*Custom SSH ports other than TCP port 22 can be used
**Any HTTP or HTTPS port can be configured for Endpoint Server to Application Server communication
***TCP port 1521 is the default port for Oracle. However, if Oracle has been configured to use non-standard ports, Certero will require access to these ports.
****SQL Server may be configured to use Dynamic Ports. If this is the case, a range of ports will need to be opened. The SQL Server Browser service will direct clients to the correct port to use.
*****DB2 may be configured on a different port than the default of 50,000
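
The table can also be used to review an existing firewall policy, so that each port is opened only between the From and To systems listed rather than network-wide. The following is an added example, not Certero code: it checks a constructed rule set against a subset of the rows above and reports required flows that are missing, rules that use a wildcard source or destination, and rules that match no row. The zone names, the rule tuple format and the sample rules are assumptions.

```python
ANY = "any"

# Subset of the port table: (protocol, port, source zone, destination zone).
# Zone names are assumed labels for the table's From/To columns.
REQUIRED = {
    ("tcp", 22, "endpoint-server", "endpoint-networks"),
    ("udp", 161, "endpoint-server", "endpoint-networks"),
    ("udp", 137, "endpoint-server", "endpoint-networks"),
    ("tcp", 139, "endpoint-server", "endpoint-networks"),
    ("tcp", 445, "endpoint-server", "endpoint-networks"),
    ("tcp", 389, "endpoint-server", "domain-controllers"),
    ("tcp", 443, "endpoint-server", "application-server"),
    ("tcp", 443, "clients", "endpoint-server"),
    ("tcp", 443, "clients", "application-server"),
    ("tcp", 1433, "application-server", "database-server"),
    ("tcp", 1434, "application-server", "database-server"),
}

# Constructed firewall allow rules: (protocol, first port, last port, source, destination).
SAMPLE_RULES = [
    ("tcp", 22, 22, "endpoint-server", "endpoint-networks"),
    ("udp", 161, 161, "endpoint-server", "endpoint-networks"),
    ("tcp", 139, 139, "endpoint-server", "endpoint-networks"),
    ("tcp", 445, 445, ANY, "endpoint-networks"),          # SMB from any source
    ("tcp", 389, 389, "endpoint-server", "domain-controllers"),
    ("tcp", 443, 443, "endpoint-server", "application-server"),
    ("tcp", 443, 443, "clients", ANY),                    # wildcard destination
    ("tcp", 1433, 1434, "application-server", "database-server"),
    ("tcp", 3389, 3389, "clients", "database-server"),    # not in the table
]

def covers(rule, flow):
    """True if an allow rule permits one required flow."""
    proto, first, last, src, dst = rule
    f_proto, f_port, f_src, f_dst = flow
    return (proto == f_proto and first <= f_port <= last
            and src in (f_src, ANY) and dst in (f_dst, ANY))

def audit(rules, required=REQUIRED):
    """Return (missing flows, wildcard rules, rules matching no table row)."""
    missing = sorted(f for f in required if not any(covers(r, f) for r in rules))
    overbroad = [r for r in rules if ANY in r[3:] and any(covers(r, f) for f in required)]
    unexpected = [r for r in rules if not any(covers(r, f) for f in required)]
    return missing, overbroad, unexpected

if __name__ == "__main__":
    for label, items in zip(("missing", "overbroad", "unexpected"), audit(SAMPLE_RULES)):
        print(label, items)
```

Rows that only apply to optional connectors (Oracle, SAP, ILMT, SCCM and so on) can be added to `REQUIRED` when those connectors are in use; the footnoted defaults should be replaced with the ports actually configured.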