Is it possible to change the ports the LEM and Agent use for communication? i.e. change 37890-37892 to a single static port? (DISA STIG)
I believe you cannot change the port to a single static port, as that is how the agent is designed to be, in order to send the traffic from the agent to the LEM Appliance.
For the LEM Appliance, as you do not have root access to the appliance, by default, besides the provided command, it is impossible to change anything on the appliance itself.
Port 37890 is only used by Agents when they first run, to kick off the certificate exchange. Then they move to 37892. 37891 is a back-up port, provided in case you're running old Agent software.
There is a way using configuration files on both ends to change this, if necessary, but those 37890-37892 ports outbound are actually static and you will still need at least 1 of them (as Curtis mentioned, you can close 37890 after initial connection, and it's unlikely you'll see 37891).
The ports that will be used to connect to 37890-37892 are also fixed and in a configuration file, in case you need to change the initiating end.