I would like to confirm the open ports and tns connectivity in the following situation.
I have a monitored host and a middleware server and a repository; all in one area protected by a firewall.
What connectivity does the client GUI need to access PA.
Do we need an open listener port 1521 for Oracle connectivity to the monitored host?
PA GUI does NOT need a connection to the Oracle listener port (default 1521) of the monitored database.
PA GUI does use the client machine SQLNet (Oracle Client functionality) but not to the monitored DB. PA Client needs to know the SID and PA port number (default 3566) and then it initiates a connection to the monitored host server on PA port and gets all the config details such as the location of middleware host and port and the repository DB host and user authentication system (host or database .. does not matter usually in Oracle) and the listener port number of the repository DB.
So even if the monitored host DB listener port (default 1521) is blocked and even if the monitored database is shut down, PA client will still connect and show data. Of course, if the DB is down, it does not display any data in Real Time. But let us say, only the listener is down, then too PA client connects and displays monitored DB info. PA client does not require a listener connection to monitored DB. But, the middleware processes do require and make the SQLNet connectivity to the monitored DB for collecting Advisory related information and for submission of Change Tracking related SQL statements.
So, in brief, blocking access to listener port of monitored DB does have adverse effect on PA middleware services but PA client can still connect and display data.
The PA client needs a direct connection to the repository database via SQL Net.