Dell PowerStore 1000T EMC PowerStore Security Configuration Guide - Page 28

Table 3. Appliance network ports related to file, Outbound ports are ephemeral., Service, Protocol

Get Dell PowerStore 1000T PDF manuals and user guides View all Dell PowerStore 1000T manuals
Add to My Manuals
Save this manual to your list of manuals

Page 28 highlights

NOTE: Outbound ports are ephemeral. Table 3. Appliance network ports related to file Port Service Protocol 20 FTP TCP 21 FTP TCP 22 SFTP TCP 53 DNS TCP/UDP 88 Kerberos TCP/UDP 111 RPC bind (for TCP/UDP SDNAS namespaces; otherwise, host service) 123 NTP UDP 135 Microsoft RPC TCP 137 Microsoft Netbios UDP; TCP/UDP WINS 138 Microsoft Netbios UDP BROWSE 139 Microsoft CIFS TCP 389 LDAP TCP/UDP 445 Microsoft SMB TCP Access Direction Outbound Inbound Inbound Outbound Outbound Bi-directional Outbound Inbound Inbound; Outbound Outbound Bi-directional Outbound Inbound Description Port used for FTP data transfers. This port can be opened by enabling FTP. Authentication is performed on port 21 and defined by the FTP protocol. Port 21 is the control port on which the FTP service listens for incoming FTP requests. Allows alert notifications through SFTP (FTP over SSH). SFTP is a client/server protocol. Users can use SFTP to perform file transfers on an appliance on the local subnet. Also provides outgoing FTP control connection. If closed, FTP will not be available. Used to transmit DNS queries to the DNS server. If closed, DNS name resolution will not work. Required for SMB v1. Required for Kerberos authentication services. Opened by the standard portmapper or rpcbind service and is an ancillary appliance network service. It cannot be stopped. By definition, if a client system has network connectivity to the port, it can query it. No authentication is performed. NTP time synchronization. If closed, time will not be synchronized among appliances. Multiple purposes for MicroSoft Client. Also used for NDMP. The NETBIOS Name Service is associated with the appliance SMB file sharing services and is a core component of that feature (Wins). If disabled, this port disables all SMB related services. The NETBIOS Datagram Service is associated with the appliance SMB file sharing services and is a core component of that feature. Only Browse service is used. If disabled, this port disables Browsing capability. The NETBIOS Session Service is associated with appliance SMB file sharing services and is a core component of that functionality. If SMB services are enabled, this port is open. It is specifically required for SMB v1. Unsecure LDAP queries. If closed, Unsecure LDAP authentication queries will be unavailable. Secure LDAP is configurable as an alternative. SMB (on domain controller) and SMB connectivity port for Windows 2000 and later clients. Clients with legitimate access to the appliance SMB services must have 28 Communication security settings

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
NOTE:
Outbound ports are ephemeral.
Table 3. Appliance network ports related to file
Port
Service
Protocol
Access Direction
Description
20
FTP
TCP
Outbound
Port used for FTP data transfers. This port
can be opened by enabling FTP.
Authentication is performed on port 21 and
defined by the FTP protocol.
21
FTP
TCP
Inbound
Port 21 is the control port on which the FTP
service listens for incoming FTP requests.
22
SFTP
TCP
Inbound
Allows alert notifications through SFTP (FTP
over SSH). SFTP is a client/server protocol.
Users can use SFTP to perform file transfers
on an appliance on the local subnet. Also
provides outgoing FTP control connection. If
closed, FTP will not be available.
53
DNS
TCP/UDP
Outbound
Used to transmit DNS queries to the DNS
server. If closed, DNS name resolution will
not work. Required for SMB v1.
88
Kerberos
TCP/UDP
Outbound
Required for Kerberos authentication
services.
111
RPC bind (for
SDNAS namespaces;
otherwise, host
service)
TCP/UDP
Bi-directional
Opened by the standard portmapper or
rpcbind service and is an ancillary appliance
network service. It cannot be stopped. By
definition, if a client system has network
connectivity to the port, it can query it. No
authentication is performed.
123
NTP
UDP
Outbound
NTP time synchronization. If closed, time will
not be synchronized among appliances.
135
Microsoft RPC
TCP
Inbound
Multiple purposes for MicroSoft Client. Also
used for NDMP.
137
Microsoft Netbios
WINS
UDP; TCP/UDP
Inbound; Outbound
The NETBIOS Name Service is associated
with the appliance SMB file sharing services
and is a core component of that feature
(Wins). If disabled, this port disables all SMB
related services.
138
Microsoft Netbios
BROWSE
UDP
Outbound
The NETBIOS Datagram Service is
associated with the appliance SMB file
sharing services and is a core component of
that feature. Only Browse service is used. If
disabled, this port disables Browsing
capability.
139
Microsoft CIFS
TCP
Bi-directional
The NETBIOS Session Service is associated
with appliance SMB file sharing services and
is a core component of that functionality. If
SMB services are enabled, this port is open.
It is specifically required for SMB v1.
389
LDAP
TCP/UDP
Outbound
Unsecure LDAP queries. If closed, Unsecure
LDAP authentication queries will be
unavailable. Secure LDAP is configurable as
an alternative.
445
Microsoft SMB
TCP
Inbound
SMB (on domain controller) and SMB
connectivity port for Windows 2000 and
later clients. Clients with legitimate access to
the appliance SMB services must have
28
Communication security settings