The M&M default agent only allows you to specify 1 port for remote management, but it actually uses two ports. The second port is allocated dynamically, which makes it very unfriendly when the agent is deployed behind a firewall.
I believe we should specify a user-friendly configuration for the default agent where:
1) only one port is used, when possible (only possible when there's either no SSL at all,
or when both the default's agent RMI Registry & client connection use SSL), and/or
2) make it possible to specify to specify the second port number.
One solution could be to extend the jmxremote.port syntax to support something like: