|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: SA Series 4s Appliances
RSA Version/Condition: 10.4.x
O/S Version: 6
|Issue||Security Analytics version 10.4.0.2 requires a number of ports to communicate between SA appliances and other hosts. A port diagram and list of the required ports is posted at sadocs.emc.com and you may use this article and the attached Python script to check the status of these ports. |
This script also checks for the two additional ports (8140 and 61614) noted in RSA Security Analytics 10.4 is experiencing connectivity issues due to blocked ports, (KB article 29087).
Download the attached script, copy it to each of your SA appliances and run the script to check the 60 ports used by SA.
|Resolution||Follow these steps to test ports between Security Analytics appliances.|
If the time between port tests is longer than a few milliseconds, it might imply network latency. In our test lab, hosts on the same switch reply within a few milliseconds while hosts on different switches take as log as one second to respond.
Study the closed ports that are used by your specific appliance using the Network Architecture and Ports found at sadocs.emc.com as a guide. Make sure all ports used by any given appliance are OPEN.
Sample Output of "portstatus.txt"
Run Date: Mon Mar 16 19:09:37 2015 [# Date report created]
|Notes||Note that not every port will be used in every environment. For example, if you do not deploy ESA appliances, ports 50030 and 27017 will not be used.|