Link: http://technet.microsoft.com/en-us/library/jj656649.aspx#BKMK_Firewall

Supported Firewall Scenarios

The following table shows Operations Manager feature interaction across a firewall, including information about the ports used for communication between the features, which direction to open the inbound port, and whether the port number can be changed.

Operations Manager 2012 Firewall Scenarios

Operations Manager Feature A Port number and direction Feature B Configurable Note
Management server 1433 —> Operational database Yes (Setup)
Management server 1434 UDP < — Operational database No If the operational database is installed on a named instance of SQL Server 2008 SP1, SQL Server 2008 SP2, SQL Server 2008 SP3, SQL Server 2008 R2, SQL Server 2008 R2 SP1, or SQL Server 2008 R2 SP2 such as in a cluster, and the Windows Firewall is enabled on the management server, you have to also open UDP 1434 inbound on the management server.
Management server 5723, 5724 —> Management server No Port 5724 must be open to install this feature and can be closed after this feature has been installed.
Management server 1433 –> Reporting data warehouse No
Reporting server 5723, 5724 —> Management server No Port 5724 must be open to install this feature and can be closed after this feature has been installed.
Operations console 5724 —> Management server No
Connector Framework source 51905 —> Management server No
Web console server Selected web site port —> Management server No
Web console (for Application Diagnostics 1433, 1434 —> Operational database Yes (Setup)
Web console (for Application Advisor) 1433, 1434 —> Data warehouse Yes (Setup)
Web console (for Application Advisor) 80 —> SQL Server Reporting Services No
Web console browser 80, 443 —> web console server Yes (IIS Admin) Default for HTTP or SSL.

For either Network Authentication or Mixed Authentication, an account name and password can be sent as part of the request. We recommend you use SSL.

 

Agent installed by using MOMAgent.msi 5723 —> Management server Yes (Setup)
Agent installed by using MOMAgent.msi 5723 —> Management server Yes (Setup)
Agent installed by using MOMAgent.msi 5723 —> Gateway server Yes (Setup)
Gateway server 5723 —> Management server Yes (Setup)
Agent (Audit Collection Services (ACS) forwarder) 51909 —> Management server Audit Collection Services (ACS) Collector Yes (Registry)
Agentless Exception Monitoring data from client 51906 —> Management server Agentless Exception Monitoring (AEM) file share Yes (Client Monitoring Wizard)
Customer Experience Improvement Program data from client 51907 —> Management server (Customer Experience Improvement Program) Endpoint Yes (Client Monitoring Wizard)
Operations console (reports) 80 —> SQL Server Reporting Services No The Operations console uses port 80 to connect to the SQL Server Reporting Services website.
Reporting server 1433 —> Reporting data warehouse Yes
Management server (Audit Collection Services Collector) 1433 —> Audit Collection Services (ACS) database Yes
Management Server 161, 162 <—> Network device Yes All firewalls between the management servers in the resource pool and the network devices need to allow SNMP (UDP) and ICMP bi-directionally, and ports 161 and 162 need to be open bi-directionally. This includes Windows Firewall on the management server itself.

If your network devices are using a port other than 161 and 162, you need to open bi-directional UDP traffic on these ports as well.

Management server or gateway server 1270 — > UNIX or Linux computer No
Management server or gateway server 22 — > UNIX or Linux computer Yes