In ESM 11.x, to add a Distributed Enterprise Security Manager (DESM), both systems must have a Data Streaming Bus (DSB) appliance configured. The DESM's DSB must have the receivers for which you want to receive data linked to the DSB.
The following ports and protocols must be open for communication from the parent ESM to DESM:
- HTTPS port 443
- SSH port 22 by default
NOTES:
- If you've changed the SSH port on your DESM, use that port.
- If you have a proxy defined for the parent ESM, the attempt to connect on port 443 uses that proxy.
This connection is only needed while initially adding the DESM.
If the proxy is causing issues, temporarily remove the proxy configuration from the parent ESM and add the DESM.
- The DESM's DSB must be able to connect to the parent ESM DSB on port 9092.
NOTE: Port 9092 is the default. If you've changed the databus port on the parent ESM, the connection uses that port.
Connections between the DSBs, including event flow, start only after the following actions:
- The parent ESM has been approved to be added from the UI of the DESM.
- You've set a filter on the DESM from the parent ESM UI.