000028860 - How to open TCP/IP ports in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Apr 24, 2020
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000028860
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: All
IssueThis RSA Knowledge Base Article describes how to open TCP/IP ports blocked by a firewall that are not opened by default in RSA Identity Governance & Lifecycle.

NOTE: Opening additional ports may represent a security threat.

ResolutionThe methods differ depending on the Operating System:


Modify iptables:

  1. Login to the server as the root user.
  2. Edit  /etc/sysconfig/iptables
  3. Add the following line:

iptables -I RH-Firewall-1-INPUT -j ACCEPT -p tcp --destination-port ***** -i eth0

Replace "*****" with the port number you want opened, that port will be opened (available) for access.

  1. Save and exit /etc/sysconfig/iptables
  2. Restart the firewall with the command:

service iptables restart


Add the relevant ports in the Advanced mode of the Firewall Allowed Services Yast module or edit SuSEfirewall2.


  1. Login to the server as the root user.
  2. Start Yast:

YastSecurity & Users > Firewall > Allowed Services > Advanced

Add your ports as space delimited/separated lists in the appropriate row (TCP, UDP and so on). Ranges are designated by a colon; e.g. ten VNC ports from 5905 to 5914 would be 5905:5914. You may use service names instead of numerical ports; e.g. http and 80 are the same.

  1. Exit Yast. The firewall will be automatically restarted.


  1. Login to the server as the root user
  2. Edit /etc/sysconfig/SuSEfirewall2
  3. Append the port number(s) to the following string. For example, to open ports 21 22 and 1158:

FW_SERVICES_EXT_TCP="21 22 1158"

  1. Save and exit /etc/sysconfig/SuSEfirewall2
  2. Restart the firewall with the following commands:

For SuSE 11 SP3:

/etc/init.d/SuSEfirewall2_init restart
/etc/init.d/SuSEfirewall2_setup restart


For SuSE 12 SP2:

systemctl restart SuSEfirewall2 SuSEfirewall2_init