Gateway Network Setup
IT-Conductor Gateway is a reverse proxy and requires specific port configurations and network access.
Important
IT-Conductor Gateway does not require the incoming connections to be enabled aside for the following exceptions:
SSH (Port 22) access to the host from the tenant's internal network for gateway configuration and troubleshooting.
Remote Gateway Configuration (port 8080). Not recommended, instead, use SSH and the command line interface. (Optional)
API Server (Port 8889) for local IT-Conductor Alert API (Optional)
IT-Conductor RSyslog Server (Port 514 UDP or TCP) (Optional)
IT-Conductor Cloud
The gateway is using HTTPS port 443 to communicate with IT-Conductor cloud services hosted on the public network as DNS name: agents.itconductor.com
Ensure that firewall rules and routing are properly configured. You can test access from the gateway SSH session by executing the following command:
curl -I https://agents.itconductor.com/statusIf all is working properly the following output should be produced:
HTTP/2 200
date: <Day of the Week>, <Day> <Month> <Year> <Time>
content-security-policy: default-src 'self' http://docs.itconductor.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://docs.itconductor.com ; style-src 'self' http://docs.itconductor.com data: 'unsafe-inline' *.google.com *.googleapis.com; connect-src 'self' blob: https://*.google.com; form-action 'self' http://docs.itconductor.com ; frame-ancestors 'self' http://docs.itconductor.com ; img-src 'self' *.itconductor.com *.gstatic.com http://translate.google.com blob: data: 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com fonts.googleapis.com blob: https://*.google.com data: 'unsafe-inline'; report-uri /cspReportViolation;
x-xss-protection: 1
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
content-type: text/html
cache-control: no-store
content-length: 0On-Premise Applications
In addition to connecting to IT-Conductor cloud services on the public network, the gateway needs to be able to access systems and applications on the private network. The routing to application-specific hosts may require configuration in the gateway host routing settings.
Depending on the application type, the firewall must have the appropriate hosts, protocols, and ports enabled for incoming connection to the respective application from the IT-Conductor gateway.
SAP NetWeaver (ABAP)
SAP Dispatcher
3200-3299
32<NN>
Gateway
3300-3399
33<NN>
Secured Gateway
4800-4899
48<NN>
Message Server
3600-3699
36<NN>
SAP J2EE
P4 (JMX)
50004-59904
5<NN>04
P4S (JMX Secure)
50006-59906
5<NN>06
HTTP
50000-59900
5<NN>00
HTTPS
50001-59901
5<NN>01
SAP HANA
SQL (SystemDB)
30013-39913
3<NN>13
SQL (Tenant DB Single)
30015-39915
3<NN>15
SQL (Tenant DB Multi)
30041-39998
3<NN>41[+3]
Host Agent
HTTP
50013-59913
5<NN>13
HTTPS
50014-59914
5<NN>14
DB/OS HTTP
1128
-
DB/OS HTTPS
1129
-
Other Systems and Applications
For other systems and applications, see port configurations below:
Cloud-based Applications and Platforms
HTTPS: 443
SAP BusinessObjects
Default: 6410 (SIA (Server Intelligence Agent) port)
Default: 6400 (Central Management Server (CMS) port)
For distributed clustered environments with multiple CMS, unique ports are assigned to each CMS and SIA node, normally 640<n> and 641<n>, respectively.
SAP BusinessObjects DataServices
Default: 6405 (REST API)
SAP Cloud Connector
Default: 8443 (REST API)
SAP DB
Default: 7210 (Unencrypted over TCP)
Default: 7260 (Unencrypted over SAP NI)
Default: 7270 (TLS over SAP NI)
SAP ASE
Default: 4901
JDBC client ports are configurable. Please consult your DBA.
InterSystems IRIS
Default: 1972 (JDBC)
JDBC client ports are configurable. Please consult your DBA.
Microsoft SQL Server
Default: 1433
JDBC client ports are configurable. Please consult your DBA.
Oracle (DBMS)
Default: 1521
JDBC client ports are configurable. Please consult your DBA.
Linux
SSH: 22
Windows
WinRM/HTTP: 5985
WinRM/HTTPS: 5986
CIFS (aka SMB, Windows File Server protocol)
TCP: 445
Veeam Backup Server
Default: 9419 (REST API)
Syslog Server
TCP and UDP (Incoming): 514
Last updated