Skip to end of metadata
Go to start of metadata

The operation of Checkmk requires specific ports and protocols to be opened to ensure normal functionality. In this article, you can find these requirements.

General Ports

CENTRAL Site → REMOTE Site(s)
DST 6557/tcpFor Livestatus (when running several sites on the same host, additional ports may be necessary)
DST 80/tcp and/or 443/tcpUsed for the Sync if distributed WATO is enabled
DST 6555/tcpUsed for notification forwarding when central notification is enabled and the central site establishes the notification spooler connection to the remote site
REMOTE Site(s) → CENTRAL Site
DST 80/tcp and/or 443/tcpUsed for the agent bakery and the dynamic host configuration
DST 6555/tcpUsed for the forwarding of the notifications when central notification is enabled and the Remote site is establishing the connection
CENTRAL /Remote Site(s) → Monitored hosts
DST 6556/tcpIs used for the connections to the CMK Agent
DST 161/udpIs used for SNMP
DST 443/tcpFor hosts which are monitored via the API (VMware or NetApp)
Further ports e.g. for active checks
Monitored hosts  → CENTRAL /Remote Site(s)
DST 80/tcp and/or 443/tcpAgent updater (Agent Bakery)
DST 6559/udpRealTime Checks (rarely used)
DST 162/tcpProcessing SNMP traps (Event Console)
DST 514/udp and 514/udpProcessing syslog messages (Event Console)
DST 8000/tcpAgent Controller TLS registration (when running several sites on the same host, additional ports may be necessary)

Checkmk Appliance Cluster

Checkmk Appliance Node 1 <->Checkmk Appliance Node 2

TCP 80/443

Is used for the Webconf Access

TCP 7789 DRBD 

Is used or the DRBD sync

UDP 4321 Corosync

UDP 4323 Corosync

Is used for corosync

TCP 3121 Pacemaker

Is used for Pacemaker


Additional Ports

Some more ports you may need (outgoing from the Checkmk server):

  • Sending notifications from Checkmk Server via Mail (SMTP or SMTPS)
  • NTP Time synchronization 
  • DNS 
  • LDAP Authentication (LDAP/LDAPS)


Write a comment…