For security / compliance questions regarding Dynatrace AppMon & UEM, make sure to have a look at the Security and Compliance Whitepaper.
Can you change the port used by the collectors to connect to the server from 6699 to 443?
No, the ports 443 and 80 are already used by the instance (for Dynatrace Web). The collectors need to connect through the standard port 6699.
Can I choose different ports (e.g. client connection from 2021 to 8080) for security reasons?
Unfortunately, we cannot handle that kind of requests at the moment. We need to make sure that the basic configuration of all our server instances are standardized to enable us to react automatically trigger a rebuild of server instance in case of an issue with the underlying hardware. All custom configuration would be lost in that case, creating a disturbance for the customer (e.g. not being able to connect to the client, not being able to collect data, …).
You only need to open those ports for the specific instance URL or IP address (see below).
Which ports do I need to enable on my network?
It depends on your deployment, please refer to:
Once your instance has been created, it will receive a URL (customer.dynatracesaas.com) and a static IP - you only need to enable those ports for that specific URL or IP.
Can we create firewall rules where the Server is deployed to control which Collectors can connect to the server?
Yes, this is possible. Just open a support ticket (see Getting Support) to request the firewall rules to be created.
This functionality is only supported for instances using our latest network configuration. If your instance is older and using the previous network configuration, a migration of your instance will be required. This will cause the static IP of your instance to change.