
Network services

The table below describes the services that are released in the base system of the Management Unit. Using ACLs, the services can be restricted further for specific networks (see section "Security at Net Unit level").
HNC and SU x86 are protected by default and are not described in detail.

| Type | Name and Port | Application |
|------|---------------|-------------|
| TCP | ssh (22) | Communication at shell level (e.g. BS2000 console/dialog, SVP console, shadow terminal) |
| TCP | http (80) | Communication via this port is always redirected to https (443). |
| TCP | https (443) | Communication between the browser (e.g. on the administrator PC) and the system's web interface (e.g. SE Manager) |
| TCP | iascontrol-oms (1156) | PRSC/prscx (Periodical Remote System Check) regularly sends sign-of-life messages to the Support Center |
| TCP | storman (4178) | Optional: for communication with StorMan (add-on) |
| TCP | 5800 | Browser access to the VNC shadow functionality of the remote service (AIS Connect) |
| TCP | 5900 | VNC viewer access to the VNC shadow functionality of the remote service (AIS Connect) |
| TCP | 10021-10022 | In the case of an SKP network (redundant SKP): for SKP-SKP communication |
| TCP | rs2_rctd (13333) | For remote service connections of BS2000 |
| UDP | domain (53) | Integration into the Domain Name Service (DNS) |
| UDP | multicast-ping (9903) | For monitoring components |
| UDP | ntp (123) | Integration into the Network Time Protocol (NTP) |
| UDP | snmp (161) | For reading SNMP access by management stations |
| UDP | snmptrap (162) | For receiving SNMP traps from the hardware monitoring |
| UDP | syslog (514) | For monitoring components |
| UDP | dhcpv6-client (546) | Optional: the DHCPv6 client port is used when a LAN interface is configured accordingly |
| ICMP | - | Internet Control Message Protocol (ping) |

Table 1: Ports for incoming connections

These ports are released for incoming connections by means of the packet filter (SuSEfirewall2) which is installed on all the systems. All other ports are locked.

All ports are released for outgoing connections in the packet filter.

A port for incoming connections that is released in the packet filter does not constitute a security risk as long as the service using this port is not started, because the system then blocks every connection attempt.
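The rule above means that the effective inbound exposure of a unit is the set of Table 1 ports that also have a service listening. The following added example (not part of the original manual) computes that from `ss -tuln` output; the sample output is constructed and the function names are hypothetical. ICMP is not covered because it has no listening socket.

```python
# Added example: port numbers are taken from Table 1 of this page.
RELEASED = {
    "tcp": {22, 80, 443, 1156, 4178, 5800, 5900, 10021, 10022, 13333},
    "udp": {53, 123, 161, 162, 514, 546, 9903},
}

# Constructed sample of `ss -tuln` output (not captured from a real system).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::]:443           [::]:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*
udp   UNCONN 0      0      [::1]:323          [::]:*
"""


def parse_listeners(ss_output):
    """Return {(proto, port)} for sockets bound to a non-loopback address."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if addr.startswith("127.") or addr == "::1" or not port.isdigit():
            continue  # loopback-only sockets are not reachable from the network
        found.add((fields[0], int(port)))
    return found


def audit(ss_output):
    """Classify ports by comparing Table 1 with the sockets actually open."""
    listening = parse_listeners(ss_output)
    released = {(proto, n) for proto, ports in RELEASED.items() for n in ports}
    return {
        "reachable": sorted(listening & released),               # released and served
        "released_but_idle": sorted(released - listening),       # no service started
        "listening_but_filtered": sorted(listening - released),  # locked by the filter
    }


if __name__ == "__main__":
    for category, entries in audit(SAMPLE_SS).items():
        print(category, entries)
```

Entries under `listening_but_filtered` are locked by the packet filter according to the text above, but each one is a service outside the documented base set and is worth reviewing.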

Note on HNC and SU x86

When using the Net-Storage functionality via the MANPU and DANPU networks, there are direct outgoing connections on these units, but these do not pose a security risk.

Settings of the external firewall

The ports described in Table 1 may need to be enabled in the external firewall. The exception is TCP 10021-10022, which serves the redundant SKP functionality of the MUs within the SE server.

In addition, if necessary, ports for further optional functions with outgoing connections must also be enabled.

  • If LDAP is used, the LDAP port set in SEM (389 or 636 by default, depending on the chosen protocol) and ports 88 and 750 for Kerberos must be open.
  • For the SNMP queries, port 161 must be open in the firewall.
  • For traps, port 162.

Examples:

  • Connection to an LDAP server, TCP port 389 by default

  • NFSv4 port TCP 2049 using Net-Storage functionality

  • In the case of ROBAR, the ports required for access to the storage systems must be unlocked.