Communication Ports for Additional Polling Engine

Yes (and yes, MSMQ is needed)

here's the document: http://www.solarwinds.com/documentation/Orion/docs/SolarWindsPortRequirements.pdf

/RjL

What I have I got from that document.  I just wanted those were the only communication paths necessary for the additional poller to communicate with the rest of the SolarWinds environment and function properly.  It sounds like you would agree that those are the correct communication paths?

I believe in that document they're also suggesting that port 17778 is opened. Though I'm not exactly sure what it's used for other than "secure SWIS communication". Though I've seen deployments that didn't have this port opened and seemed to function without issue.

Yeah, I saw that but I believe that is only if you want to be accessing the API which in this case we don't need to.

I was really hoping somebody from SolarWinds would chime in on this and confirm for me.  I tried calling support but I didn't get a very good feeling that the guy I was talking to had a high degree of confidence in how it was supposed to be setup.

I'm sure you know this but I didn't see it mentioned so I figured I'd add it. You'll need 161/162 for SNMP as well as 443 for VMware API polling if you're doing that. Other than that it looks good to me. If you are using a non-standard port for SQL you can specify that in the config wizard very easily but I doubt you are from the port list you have above. Good luck on the addition!

Yeah, the monitoring bits aren't an issue because the poller is being installed in a secure environment.  I just need to know which ports it needs open to communicate back to the "mothership".

In my experience you need the following. I'm being really explicit here in case your additional poller is in a DMZ or across any kind of firewall. If it's just another poller in the core, you probably don't need to worry about some of these.

Addt'l Poller <--> Orion Platform:     icmp

Addt'l Polller --> Primary Poller: TCP 80

Addt'l Polller --> Addt'l web server (if you have it): TCP 80

Addt'l Poller <--> Orion Platform:     TCP 17777 (SW Information Service)

Addt'l Poller <--> Orion Platform: TCP 17778 (the other SW Information Service)

Addt'l Poller --> SQL Server:         TCP 1433 (SQL Server Communication)

..OR whatever port you have your SQL server on.

I did NOT need to open this port:

Addt'l Poller --> Orion Platform:     TCP 1801 (MSMQ)  Not sure if this is needed or not?

Also note that if your DBA's (like mine) do NOT open ports by default, but instead used named instances, you will NEED to have a port set up if you are going through a firewall.

Finally, make sure that the communications between your additional poller and the targets is opened up. That means everything you will use to monitor has to be opened. it can be opened one way - meaning that the poller will always initiate the communication and the server will respond - presuming you don't actively PROHIBIT that return traffic in your firewall rules.

• icmp
• SNMP poll (UDP 161)
• RPC (TCP 139, 443, and a mess of others I can't think of right now)
• WMI (all ports over 1024)

Hope that helps.

- Leon

Thanks Leon Adato!  When I talked to the support guy I asked about port 80 between web and addt'l poller and he didn't seem to think that was required.  As far as the rest of your list is concerned, that seems like it's very likely correct and adds the few bits I was missing.

Sorry, yes. I also went and checked with TCPview.

Obviously ICMP. SNMP polling, Active directory, DNS, syslog, traps, etc... all have their own port requirements as well...

1801 will probably be need to be open for MSMQ, I think it depends on the exact version of all of the solarwinds components. Nothing fails exactly, you will just get odd errors.

On some versions this is used to communicate to the remote poller force rediscovery, polling, list resources on nodes, and without it being open they fail with some odd error.

On other versions they reverted to using the 17777 business layer port for this function.

this is/was broken when you have FOE installed, since they bound to the specific IP address of the additional poller, not its name, so when you are failed-over the messages don't go anywhere useful..

port 80 is not needed -- the only purpose is for when you run the installer to the 'open web console' link works after the additional poller is installed.

port 17778 is only needed to communicate with the SWIS engine, normally running on the application server; the Additional poller does not use this. (this might have changed after 10.6, but I've not tested that)