This page lists the firewall ports that you need to open to allow communication with SolarWinds LEM. Any firewalls that stand between any two points of communication should allow inbound and/or outbound traffic across the specified ports to ensure that LEM works properly.
In the table, "inbound" assumes that the LEM VM is behind the firewall, and that firewall rules allow network traffic through the firewall to the LEM VM.
All Versions of LEM.
If you use multiple SolarWinds products, see Port requirements for all SolarWinds products.
|22, 32022||TCP||SSH||Bidirectional||SSH traffic to the SolarWinds LEM VM. (Port 22 is not used prior to version 6.3.x.)|
|25||TCP||SMTP||Outbound||SMTP traffic from the SolarWinds LEM VM to your email server for automated email notifications.|
|80, 8080||TCP||HTTP||Bidirectional||Non-secure HTTP traffic from the SolarWinds LEM Console to the SolarWinds LEM VM. (LEM closes this port when activation completes, but you can re-open it with the CMC |
|139, 445||TCP||NetBIOS, SMB||Bidirectional|| |
Standard Windows file sharing ports (NetBIOS Session Service, Microsoft SMB) that LEM uses to export debug files, syslog messages, and backup files.
The LEM Remote Agent Installer also uses these ports to install agents on Microsoft Windows hosts across your network.
|161, 162||TCP||SNMP||Bidirectional||SNMP trap traffic received from devices, and used by Orion to monitor LEM. (Monitoring LEM on port 161 is not used prior to version 6.3.x.)|
|389, 636||TCP||LDAP||Outbound|| |
LDAP ports that the LEM Directory Service Connector tool uses to communicate with a designated Active Directory domain controller.
The LEM Directory Service Connector tool uses port 636 for SSL communications to a designated Active Directory domain controller.
|443, 8443||TCP||HTTPS||Bidirectional|| |
HTTPS traffic from the SolarWinds LEM Console to the LEM VM.
LEM uses these secure HTTP ports after LEM is activated.
|(445)||TCP||See entry for port 139.|
|514||TCP or UDP||Syslog||Inbound||Syslog traffic from devices sending syslog event messages to the SolarWinds LEM VM.|
|(636)||TCP||See entry for port 389.|
|2100||UDP||NetFlow||Inbound||NetFlow traffic from devices sending NetFlow to the SolarWinds LEM VM.|
|6343||UDP||sFlow||Inbound||sFlow traffic from devices sending sFlow to the SolarWinds LEM VM.|
|(8080)||TCP||See entry for port 80.|
|(8443)||TCP||See entry for port 443.|
|8983||TCP||nDepth||Inbound||nDepth traffic sent from nDepth to the LEM VM containing raw (original) log data.|
|9001||TCP||LEM Reports||Bidirectional||LEM Reports traffic used to gather LEM Reports data on the LEM VM.|
|(32022)||TCP||See entry for port 22.|
|37890-37892||TCP||LEM Agents||Inbound||LEM Agent traffic sent from SolarWinds LEM Agents to the SolarWinds LEM VM. (These ports correspond to the destination ports on the LEM VM.)|
|37893-37896||TCP||LEM Agents||Outbound||LEM Agent return traffic sent from the SolarWinds LEM VM to the SolarWinds LEM Agents. (These ports correspond to the destination ports on the LEM agents.)|
Note: LEM no longer uses the port listed in the following table.
|5433||TCP||LEM Reports||Inbound||Port 5433 is no longer used. Previously, this port carried traffic from SolarWinds LEM Reports to the SolarWinds LEM VM. This was used by versions prior to LEM 5.6, for which support ended December 2015.|
In LEM 6.2 and later, LEM will need access to the following URL to use the automatic connector update function and the Threat Feeds function: