Showing results for 
Show  only  | Search instead for 
Did you mean: 

About Agent Manager network connectivity and ports



I have two questions about Agent Manager NW connectivity with other DC RUM components:

1. The Agent Manager service is listening on ports 9014 and 9015. When I add a new Child Agent Manager via the Synthetic Console, is the required NW access Parent -> TCP 9014,9015 -> Child or

Child -> TCP 9014,9015 -> Parent, or both ways?

2. CAS is polling data from the Agent Manager either via port 9014 or 9015. In case the RUM Console is installed on a separate server, does the firewall need to be open to the defined port 9014/9015 also from the RUM Console server? If so, why is that access needed - perhaps only to test that the Agent Manager is up and running, when adding a new device? Or is there some continued need for RUM to access the Agent Manager?





Hi, Kalle.

  1. The required NW access should be both ways:

Parent <-> TCP 9014,9015 <-> Child

  1. In 12.5, the Parent Agent Manager needs to access the RUM Console server on its port to authenticate the ESM Console user. I do not know when the RUM Console needs to connect to the Parent Agent Manager on 9014/9015. But, I think it may be continuous since the RUM Console shows the status of the connection.

I hope this is helpful. Thanks!

Thanks for the response! I was also suspecting that the RUM connection might be required simply so that the status light can be displayed as green in the RUM console. But I wasn't sure if that request was routed via CAS, where the actual continuous data transfer is happening. For now I suppose we'll assume that the direct connection from RUM to Agent Manager is indeed required.


Update to "The required NW access should be Parent -> TCP 9014,9015 -> Child"

-> it appears the other way around is also needed, so that the child managers can send data to the parent


Yes, Kalle. Sorry about that! I corrected the earlier response.


I'll just add one more note here, in case it could be of help for someone. CAS doesn't need TCP 9014/9015 access only to the Parent Agent Manager -> if and when the Transaction Trace reporting feature is used, CAS also needs that TCP 9014/9015 access to any Child Agent Managers. So even though the basic monitoring data is routed to CAS from the Child Managers via the Parent, CAS still needs that direct access in order to display the Trace reports.

This is just one of those things you might not realize when the servers are in the same VLAN, but in a more distributed environment it becomes something you need to make a note of.

Good point. Thanks, Kalle.


Hello again. Since I think this post covers pretty much all the required communication for Agent Managers, I'll add one more that's missing.

When registering an agent for agent-initiated communication using a Child Manager, the port 9018 needs to be open towards the Parent. Meaning:

Child Manager -> TCP 9018 -> Parent Manager

To my knowledge, this is only required during the registration process. If the port is blocked, it will result in this error:

Unable to register with Vantage Manager [AGENT_MANAGER_HOSTNAME:9018]: error [0]