It looks like you read the documentation, so this may not be helpful, but in case you missed it...
Port 135 TCP – RPC Endpoint Mapper
The Patch Manager server uses this port to establish WMI connections to remote computers. It also uses this port to connect to the Service Control Manager (SCM) when it provisions the WMI providers dynamically on the remote computer. Create a firewall exception to allow traffic from the Patch Manager server to your managed computers over this port. To do this if you are using Windows Firewall on your managed computers, enable the Inbound Rules in the Windows Management Instrumentation (WMI) group.
Port 445 TCP – SMB over TCP
The Patch Manager server uses this port when it provisions the WMI providers to a remote computer. Enable File and Print Sharing on the client systems using the applicable network management tools.
Port 4092 – Console-to-Server Communication
The Patch Manager console uses this port to communicate to an independent Patch Manager application server. This is a one-way communication channel, so it only requires inbound TCP traffic on the application server. Patch Manager servers in a distributed environment also use this port in the same manner for "downstream" communication. For example, the Patch Manager Primary Application Server (PAS) uses port 4092 to communicate with remote Patch Manager servers in secondary server roles.
Port 8787 TCP – Web Console Connections
By default, users connect to the Patch Manager web console server on port 8787. You can specify an alternative port in the SolarWinds Configuration Wizard on the server running the Patch Manager web console server.
Port 17777 TCP – SolarWinds Information Service
The SolarWinds Information Service (SWIS) facilitates data exchange for the Patch Manager web console, along with the web console Application Programming Interface (API). Ensure this port is not blocked on servers running the Patch Manager web console server.
Dynamic Ports 1024-65536 – DCOM or RPC
WMI technology is based on Distributed Component Object Model (DCOM)/RPC communication. DCOM/RPC allocates the ports used by the server within a dynamic port range. This range is typically between 1024 and 65536. To configure these ports using Windows Firewall on your managed computers, enable the Inbound Rules in the Windows Management Instrumentation (WMI) group.
Yes - I saw this in the documentation. My problem is - I would like to avoid opening TCP ports 1024-65536 in my firewall if I can help it. I thought that the agent took care of this and communicated on its own dedicated port.
The agent uses the Console-to-Server Communication port (4092) to connect back to an automation server in your environment so you'll only need to have that one port open vs all ephemeral ports.
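The two firewall postures discussed in this thread, as an added example that is not part of the original posts or SolarWinds documentation: Windows Firewall rules for the agentless (WMI) case scoped to the Patch Manager server only, next to the single inbound rule the agent case needs on the server. The IP address, subnet and rule display name are constructed placeholders; the cmdlets are the standard NetSecurity module ones.

```powershell
# Added example. Addresses are constructed placeholders (documentation range).
$PatchManagerServer = '192.0.2.10'     # assumption: Patch Manager server IP
$AgentSubnet        = '192.0.2.0/24'   # assumption: subnet the agents and consoles live in
$WmiGroup           = 'Windows Management Instrumentation (WMI)'

# --- Agentless (WMI) management: run on each managed computer -----------------
# Enable only the inbound rules of the built-in WMI group and restrict the
# remote address to the Patch Manager server. The RPC endpoint mapper (135)
# and the dynamic DCOM/RPC ports are then reachable from that one host
# instead of from any source.
Get-NetFirewallRule -DisplayGroup $WmiGroup |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Set-NetFirewallRule -Enabled True -RemoteAddress $PatchManagerServer

# Check the scoping that was applied.
Get-NetFirewallRule -DisplayGroup $WmiGroup |
    Where-Object { $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        }
    }

# --- Agent-based management: run on the Patch Manager server ------------------
# Agents connect back to the server on TCP 4092, so the only rule needed is an
# inbound allow on the server, limited to the networks that hold agents.
New-NetFirewallRule -DisplayName 'Patch Manager 4092 inbound (example)' `
    -Direction Inbound -Protocol TCP -LocalPort 4092 `
    -RemoteAddress $AgentSubnet -Action Allow
```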