Re: HP SIM Monitoring serves behind a Firewall

Larry Hedrick · ‎08-23-2004

Does anyone have a comprehensive list of TCP/UDP ports used by HP SIM for monitoring servers behind firewalls...?

Some samples of what I see being sent out...
denied tcp 10.1.5.18(3770) -> 10.5.192.86(3202), 2 packets
denied tcp 10.1.5.18(3772) -> 10.5.192.86(8008), 2 packets
denied tcp 10.1.5.18(3796) -> 10.5.192.90(8443), 2 packets
denied tcp 10.1.5.18(3615) -> 10.5.192.74(80), 2 packets
denied udp 10.1.5.18(137) -> 10.5.192.118(137), 11 packets
denied tcp 10.1.5.18(3636) -> 10.5.192.78(8443), 2 packets
denied tcp 10.1.5.18(3617) -> 10.5.192.74(2069), 2 packets
denied tcp 10.1.5.18(3634) -> 10.5.192.78(9990), 2 packets
denied tcp 10.1.5.18(3791) -> 10.5.192.90(9991), 2 packets
denied tcp 10.1.5.18(3795) -> 10.5.192.90(280), 2 packets
denied tcp 10.1.5.18(3823) -> 10.5.192.94(8000), 2 packets
denied tcp 10.1.5.18(3632) -> 10.5.192.78(411), 2 packets
denied tcp 10.1.5.18(3630) -> 10.5.192.78(1311), 2 packets
denied tcp 10.1.5.18(3720) -> 10.5.192.78(3257), 2 packets

Joel Rubenstein · ‎08-23-2004

Go to http://www.hp.com/go/hpsim. Select Information Library , Whitepapers. You are looking for Understanding HP Systems Insight Manager Security.

The direct link is

http://www.hp.com/wwsolutions/misc/downloads/management/hpsim/HPSIM_Security_WP.pdf

Ed Stockwell · ‎08-30-2004

I would like to know that as well, but the links referenced in the reply do not get me the information I need. When you go to the first link, there is no library link and the second link doesn't allow you to download the .pdf file.
Does anyone have a link that works?
Thanks

Joel Rubenstein · ‎08-30-2004

try http://www.hp.com/go/hpsim then go to Information Library then whitepapers. There you should find the information.

Larry Hedrick · ‎08-30-2004

The Direct Link doesn't wotrk for me either I went here:
http://h18013.www1.hp.com/products/servers/management/hpsim/infolibrary.html
Then selected teh document in teh White Papers section.

I am still seeing ports not listed in teh document though.. such as NetBIOS
Anyone know what HP SIM is using NetBIOS for...?

Jason Marshall_1 · ‎03-08-2005

I also did not find the white papers to be very helpful. Has anyone come to a conclusion on the ports that need to be opened?

Haridas · ‎03-08-2005

If the system is not being managed from HP Systems Insight Manager, only ports 2301 and 2381 should be enabled to enable browser access to System Management Homepage

if the system is only a managed node and there is no HPSIM on it, then enable the following ports only.

HP SMH Web Server* 2301 HTTP
HP SMH Secure Web Server* 2381 HTTPS
WBEM/WMI Mapper 5988 HTTP
WBEM/WMI Mapper Secure Port 5989 HTTPS
SSH port 22 SSH
SNMP Agent 161 SNMP
Ping Discovery (ICMP)** *** ICMP
Ping Discovery (TCP)** 80 HTTP

for ICMP, Allow incoming echo request.
********************************************

If the system has HPSIM and HPSMH, then enable the following ports.

HP SMH Web Server* 2301 HTTP
HP SMH Secure Web Server* 2381 HTTPS
WBEM/WMI Mapper 5988 HTTP
WBEM/WMI Mapper Secure Port 5989 HTTPS
SSH port 22 SSH
SNMP Agent 161 SNMP
Ping Discovery (ICMP)** *** ICMP
Ping Discovery (TCP)** 80 HTTP

SNMP Trap Listener 162 SNMP Trap (UDP)
HP Systems Insight Manager Web Server 280 HTTP
HP Systems Insight Manager Secure Web Server 50000 HTTPS
HP Systems Insight Manager SOAP 50001 HTTPS
HP Systems Insight Manager SOAP 50002 HTTPS
HP Systems Insight Managerl WBEM Event Receiver 50004 HTTPS/HTTP*

* Configurable in HP Systems Insight Manager

Jason Marshall_1 · ‎03-08-2005

Thank you Haridass. Does this account for VCA ports as well? I assume these are just HP defined FTP ports for pushing updates from SIM to IM trusted devices.

Haridas · ‎03-09-2005

Jason,
Yes,this accounts for VCA too. Some ports mentioned as standard, while some of them are HP specified.

Daniel Hoffman · ‎11-20-2007

We are having this issue as well, and although there is some good information in the replies, they do not address the overall question originally posed:

What is causing SIM to generate this traffic? Specifically the ports

80 137 139 9990 9991, etc?

David Claypool · ‎11-20-2007

80 is the standard HTTP web port...expect HP SIM to check this during device identification or if you have changed autodiscovery from using UDP to port 80.

137 and 139 are NetBIOS session and name services. Probably only indirectly related to HP SIM.

9990 and 9991 are unrelated to HP SIM itself, but are registered for usage by the Remote Support capabilities.

All of these are documented with the IANA at http://www.iana.org/assignments/port-numbers

Daniel Hoffman · ‎11-20-2007

I understand that the ports are not directly related to SIM, but the fact is SIM is still generating the traffic in question. My question is why is SIM generating this traffic and where are the configuration options to make it stop?

David Claypool · ‎11-20-2007

1a: You have never mentioned the frequency with which this happens. If this is related to HP SIM, you should only see port 80 on a daily basis during the period of Device Identification. You can edit AdditionalWSdisc.props and remove port 80, but this will mean that HP SIM is unable to identify items running at port 80, such as blade infrastructure web servers for switches, etc.

1b: The frequency of this case would only be with the frequency of autodiscovery and only would occur if you changed HP SIM from UDP ping to TCP port 80.

2. Uninstall NetBIOS.

3. Uninstall Remote Support Essentials.

justin brady_2 · ‎10-12-2008

Howdie,

I am looking to open up the minimum number of outbound ports only to manage HP servers behind a firewall. I initially opened up TCP 2301/2381 from the CMS to some managed nodes. I set the discovery port to be TCP 2301 and started my discovery. The servers were found but were not able to identify the server model. When I changed the ping back to 7/ICMP the server model was discovered. This suggests to me that the TCP ping cannot retrieve the same level of information. Is this correct? Do you have to use SNMP (UDP 161) or WBEM to retrieve server information such as software status? Is there a way to use 2301 or 2381 only to access the server status assuming the certificates are setup properly? If this is not the case then I assume the minimum requirement is TCP 2301/2381 and UDP 162. I will do VCA state locally in each zone to avoid the need for inbound rules.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: HP SIM Monitoring serves behind a Firewall

HP SIM Monitoring serves behind a Firewall