Identity Server listens on port 8443 by default, which requires port 8443 to be open in the firewall for communication between a browser and Identity Server. To avoid opening port 8443 in the firewall, you can configure Identity Server to listen on the standard port 443.
The Identity Server service (hosted on Tomcat) runs as a non-privileged user and cannot bind to ports below 1024. To accept requests on ports 80/443 while Tomcat listens on 8080/8443, use iptables to perform a port translation. With port translation, the base URL of Identity Server can be configured for port 443 and Identity Server appears to listen on that port; iptables translates the traffic to port 8443 when communicating with Tomcat.
The following are two of many possible solutions:
Simple iptables Script: If you have disabled the SUSE Linux Enterprise Server (SLES) firewall and do not have any other Access Manager components installed on the Identity Server machine, you can use a simple iptables script to translate the ports. See Configuring a Simple Redirect Script in the NetIQ Access Manager 5.0 Installation and Upgrade Guide.
Custom iptables Script: If you have configured the SLES firewall or have installed other Access Manager components on the Identity Server machine, use a custom rule script that allows multiple port translations. See Configuring iptables for Multiple Components in the NetIQ Access Manager 5.0 Installation and Upgrade Guide.
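The port translation described above, shown as an added example script; this is not the NetIQ guide's "Simple Redirect Script" and not part of the original page. It assumes Tomcat is listening on 8080/8443 and that the public ports are 80/443, as the text states. Without arguments it only prints the iptables commands it would run, so it can be reviewed first; with `--apply` as root it installs the rules and then verifies that the 443 to 8443 redirect is present in the nat table.

```shell
#!/bin/sh
# Added example (not from the NetIQ guide): generate and optionally apply
# iptables NAT rules that redirect 443->8443 and 80->8080 so that Tomcat
# can keep running as a non-privileged user on ports above 1024.
# Port pairs are assumptions taken from the page's description.

# Print the iptables commands for one public->tomcat port pair.
# PREROUTING handles packets arriving from other hosts; locally generated
# packets (for example Identity Server calling its own base URL) never
# traverse PREROUTING, so a matching OUTPUT rule on loopback is added too.
redirect_rules() {
  public="$1"; tomcat="$2"
  printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$public" "$tomcat"
  printf 'iptables -t nat -A OUTPUT -o lo -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$public" "$tomcat"
}

# Full rule set for the Identity Server mapping described on the page.
identity_server_rules() {
  redirect_rules 443 8443
  redirect_rules 80 8080
}

# Number of rules the script would install (used as a quick self-check).
rule_count() {
  identity_server_rules | wc -l | tr -d ' '
}

# Apply only when explicitly asked and running as root; otherwise just print.
if [ "${1:-}" = "--apply" ]; then
  if [ "$(id -u)" -ne 0 ]; then
    echo "must be root to apply iptables rules" >&2
    exit 1
  fi
  identity_server_rules | while read -r cmd; do eval "$cmd"; done
  # Verify the translation is in place by listing the nat PREROUTING chain.
  if iptables -t nat -S PREROUTING | grep -q -- '--dport 443 .*--to-ports 8443'; then
    echo "443 -> 8443 redirect active"
  else
    echo "443 -> 8443 redirect NOT found" >&2
    exit 1
  fi
else
  identity_server_rules
fi
```

Two caveats for a production host: iptables rules added this way do not survive a reboot unless they are saved through the distribution's firewall tooling, and a REDIRECT rule does not stop clients from connecting to 8443 directly, so if only port 443 is meant to be reachable, the firewall's filter rules still have to restrict 8443 to loopback.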