How do TPAM console appliances and DPAs (Distributed Processing Appliance) communicate within a cluster? What network ports need to be open between TPAM and DPAs? What firewall ports need to be open?
Network communication between TPAM console appliances
Each TPAM console appliance listens on TCP/8000 and communicates with the other console appliances on that port. This port is used for replication between the TPAM console appliances.
Network communication between TPAM console appliances and DPAs
TCP/443 is used for the Gossip protocol and resource allocation for PSM sessions between DPAs and console appliances. This is initiated from the TPAM console to the DPA.
The DPAs communicate back to the TPAM console appliances on TCP/443 for the notify functionality of event capture and restricted commands.
From 2.5.916, the DPAs communicate back to the TPAM console appliances on TCP/9443 for PSM session initiation, heartbeat, and file transfer.
The DPAs use the configured SSH port (TCP/22 by default) for PSM session startup and PPM functions. The DPA pushes PSM recordings back to the TPAM console appliances on port TCP/22.
Firewall Rules
If using firewalls:
- Ensure each TPAM console will accept TCP/8000 traffic from all other TPAM console appliances in the cluster.
- Ensure each TPAM console appliance will accept TCP/22, TCP/443 and TCP/9443 traffic from all DPAs in the cluster.
- Ensure each DPA will accept TCP/22 and TCP/443 traffic from all TPAM console appliances in the cluster.
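The rules above can be expanded into an explicit flow matrix and compared against an exported firewall rule set. The following is an added example, not One Identity code: the function names, the IP addresses and the sample rule set are constructed for illustration, and it assumes rules are expressed as (source, destination, TCP port) tuples.

```python
from itertools import permutations, product

SSH_PORT = 22  # default from the article; substitute your configured SSH port

def required_flows(consoles, dpas, psm_9443=True):
    """Build the (source, destination, tcp_port) flows the article lists."""
    flows = set()
    # Replication: each console accepts TCP/8000 from every other console.
    for src, dst in permutations(consoles, 2):
        flows.add((src, dst, 8000))
    for console, dpa in product(consoles, dpas):
        # Each DPA accepts TCP/22 and TCP/443 from every console.
        flows.update({(console, dpa, 443), (console, dpa, SSH_PORT)})
        # Each console accepts TCP/22 and TCP/443 from every DPA.
        flows.update({(dpa, console, 443), (dpa, console, SSH_PORT)})
        if psm_9443:  # TCP/9443 back to the console applies from 2.5.916
            flows.add((dpa, console, 9443))
    return flows

def audit(allowed, consoles, dpas, psm_9443=True):
    """Return (missing, extra): required flows not allowed, and allowed
    flows between cluster members that the article does not list."""
    needed = required_flows(consoles, dpas, psm_9443)
    allowed = set(allowed)
    return sorted(needed - allowed), sorted(allowed - needed)

# Constructed sample inventory (not real addresses from any deployment).
CONSOLES = ["10.0.0.11", "10.0.0.12"]
DPAS = ["10.0.1.21", "10.0.1.22"]

def sample_rules():
    """Constructed rule set with one forgotten rule and one unlisted rule."""
    rules = required_flows(CONSOLES, DPAS)
    rules.discard(("10.0.1.22", "10.0.0.11", 9443))  # forgotten 9443 rule
    rules.add(("10.0.1.21", "10.0.1.22", 443))       # DPA-to-DPA, not listed
    return rules

if __name__ == "__main__":
    missing, extra = audit(sample_rules(), CONSOLES, DPAS)
    for src, dst, port in missing:
        print(f"MISSING  {src} -> {dst} TCP/{port}")
    for src, dst, port in extra:
        print(f"REVIEW   {src} -> {dst} TCP/{port}")
```

Flows reported as extra are only candidates for review: the article covers cluster traffic, so rules for administration or managed systems will legitimately appear outside this matrix.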