I suggest you also get UDP/162 opened up (trap port) inbound to NetView - not
strictly necessary for discovery but you'll almost certainly need it later.

I would definitely recommend the follwoing IBM Redbook:
SG24-6229 - Extending Network Management Through Firewalls

Cheers,
Jane

Darren_Tucker AT advantra.com DOT au wrote:

> > What ports on firewall must be opened to discover and to  manage nodes on
> 192.168.1.xxx network ?
>
> You can probably get away with:
> ICMP ping (type code 8) out, ping responses (type code 0 ) back.
> SNMP (UDP/TCP port 161) out and responses back.
>
> The exact firewall rules will depend on the capabilities of the firewall.
>
> Note that unless you have SNMP enabled on the firewall, you probably won't
> discover them and you'll need to use either seedfiles (edit
> /usr/OV/conf/netmon.seed) or loadhosts (run "echo ipaddress hostname
> |loadhosts -m subnetmask") to load the devices into NetView.
>
>           -Daz.
>
> _________________________________________________________________________
> NV-L List information and Archives: http://www.tkg.com/nv-l

--
Tivoli Certified Enterprise Consultant & Instructor
Skills 1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628 782565
Copyright (c) 2001 Jane Curry <jane.curry AT skills-1st.co DOT uk>.  All rights
reserved.