SOLVED
All required ports are documented in the HPE OneView User Guide located in the Enterprise Information Library. Please review the table on Page 76. No, ports that are open and required cannot be closed or "turned off".
What tool are you using to "detect" open ports?
I would really like to know what tool you used to scan for open ports. I just tested using Nmap 7.40 to scan a 3.00.05 appliance, and only the following ports were "open":
- 22/TCP (Service access, controlled by user accounts in OneView application, not general purpose SSH)
- 80/TCP (Redirects to 443)
- 443/TCP (Main UI and REST API interface)
- 5989/TCP (CIMOM service, need to find out why this port is open, could be part of the Storage Management feature we introduced in HPE OneView 1.10)
- 5671/TCP (RabbitMQ SCMB/MSMB)
- 123/UDP (NTP)
- 162/UDP (SNMP Trap service)
There were other ports "open", but it is a side affect of trying to scan UDP ports.
Our port scan for example shows ports 9, 14, 18, 89, 92, 96 etc
I can tell you that those ports are indeed NOT open on the appliance. I would ask that you and your customer reach out to IBM (which I believe owns the QRadar product) on how to resolve these false positives.