Secure API Manager uses various ports to communicate with Access Manager and NetIQ so that it can receive patches and upgrades. Your deployment type determines which ports Secure API Manager uses and how you manage the ports.
In an appliance deployment, the appliance has only certain ports open for security reasons. For more information, see View the Open Ports in the Firewall in the NetIQ Secure API Manager 2.2 Appliance Administration Guide.
WARNING: Do not change any of the firewall settings on the appliances that you deploy. Secure API Manager automatically configures the firewall setting on each appliance for you. If you do change the firewall settings on the appliances, the Secure API Manager system is no longer supported.
Use the following information to help you properly configure your firewalls external to the appliances. The table below is not complete. The following items are some of the most common ports the appliances use. Ensure that you do not block the ports; otherwise, you might disable communication between the components or you might not be able to receive patch updates and upgrades.
Ensure that you understand the communication flow between the Secure API Manager components, administrative workstations, internal workstations, and external access to the API Gateway. For more information, see How Secure API Manager Authorizes APIs and How Secure API Manager Authentications Work.
Table 2-3 Secure API Manager Default Open Ports
Ports | Description |
---|---|
Appliance | |
9443 | Administration of the appliance |
443 | Communication with Access Manager |
If you have a Docker deployment, you are responsible for deploying and securing the SUSE Linux Enterprise Server host machine including the appropriate ports. Ensure that you follow the instructions in the SUSE Linux Enterprise Server 15 SP5 Security and Hardening Guide.
Secure API Manager has two-way communication through port 9444 between the API Gateway and Access Manager. Ensure that you leave port 9444 open on your firewall in both directions.
IMPORTANT: Docker reserves the IP address range of 172.18.0.1/12. You cannot use any IP address in the range 172.16.0.1 - 172.31.255.254. If you use these IP addresses, the Docker deployment has network conflicts.
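A pre-deployment check for the address conflict described above, as an added example that is not part of the Secure API Manager documentation: it parses `ip -o -4 addr show` output from the host and a list of planned subnets, and reports anything that overlaps the reserved range. The function names, the sample output and the rule that skips Docker's own bridge interfaces are assumptions made for this example.

```python
import ipaddress
import re

# Range from the IMPORTANT note: 172.18.0.1/12 normalizes to 172.16.0.0/12,
# whose usable hosts are 172.16.0.1 - 172.31.255.254.
DOCKER_RESERVED = ipaddress.ip_network("172.18.0.1/12", strict=False)

# Assumption: bridges that Docker creates itself are expected inside the range.
DOCKER_IFACE_PREFIXES = ("docker", "br-")

# Constructed sample of `ip -o -4 addr show` output (not from a real host).
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 10.20.30.40/24 brd 10.20.30.255 scope global eth0\\       valid_lft forever preferred_lft forever
3: eth1    inet 172.20.5.10/16 brd 172.20.255.255 scope global eth1\\       valid_lft forever preferred_lft forever
4: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\\       valid_lft forever preferred_lft forever
"""

def conflicts_with_docker(cidr):
    """True if an IPv4 address or subnet overlaps the range Docker reserves."""
    net = ipaddress.ip_network(cidr, strict=False)  # accept host bits, bare IPs
    return net.version == 4 and net.overlaps(DOCKER_RESERVED)

def parse_ip_addr(output):
    """Yield (interface, cidr) pairs from `ip -o -4 addr show` output."""
    for line in output.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if m:
            yield m.group(1), m.group(2)

def find_conflicts(output, planned=()):
    """Return (source, cidr) pairs for host interfaces and planned subnets that conflict."""
    found = []
    for iface, cidr in parse_ip_addr(output):
        if iface.startswith(DOCKER_IFACE_PREFIXES):
            continue  # Docker-managed bridge, not a conflict
        if conflicts_with_docker(cidr):
            found.append((iface, cidr))
    for cidr in planned:
        if conflicts_with_docker(cidr):
            found.append(("planned", cidr))
    return found

if __name__ == "__main__":
    planned = ["192.168.10.0/24", "172.16.0.0/24"]  # constructed planned subnets
    for source, cidr in find_conflicts(SAMPLE_IP_OUTPUT, planned):
        print(f"CONFLICT {source}: {cidr} overlaps {DOCKER_RESERVED}")
```

A supernet such as 172.0.0.0/8 is also reported, because it contains the reserved range even though its network address lies outside it.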