Dell PowerStore 1000T EMC PowerStore Security Configuration Guide - Page 29



Table 3. Appliance network ports related to file (continued)

| Port | Service | Protocol | Access Direction | Description |
|------|---------|----------|------------------|-------------|
| (row continued from previous page) | | | | ...network connectivity to the port for continued operation. Disabling this port disables all SMB related services. If port 139 is also disabled, SMB file sharing is disabled. |
| 464 | Kerberos | TCP/UDP | Outbound | Required for Kerberos authentication services and SMB. |
| 500 | IPsec (IKEv2) | UDP | Bi-directional | To make IPSec work through your firewalls, open UDP port 500 and permit IP protocol numbers 50 and 51 on both inbound and outbound firewall filters. UDP port 500 should be opened to allow Internet Security Association and Key Management Protocol (ISAKMP) traffic to be forwarded through your firewalls. IP protocol ID 50 should be set to allow IPSec Encapsulating Security Protocol (ESP) traffic to be forwarded. IP protocol ID 51 should be set to allow Authentication Header (AH) traffic to be forwarded. If closed, the IPsec connection between PowerStore appliances will be unavailable. |
| 636 | LDAPS | TCP/UDP | Outbound | Secure LDAP queries. If closed, secure LDAP authentication will be unavailable. |
| 1234 | NFS mountd | TCP/UDP | Bi-directional | Used for the mount service, which is a core component of the NFS service (versions 2, 3, and 4). |
| 2000 | SSHD | TCP | Inbound | SSHD for serviceability (optional). |
| 2049 | NFS I/O | TCP/UDP | Bi-directional | Used to provide NFS services. |
| 3268 | LDAP | UDP | Outbound | Unsecure LDAP queries. If closed, unsecure LDAP authentication queries will be unavailable. |
| 4000 | STATD for NFSv3 | TCP/UDP | Bi-directional | Used to provide NFS statd services. statd is the NFS file-locking status monitor and works in conjunction with lockd to provide crash and recovery functions for NFS. If closed, NAS statd services will be unavailable. |
| 4001 | NLMD for NFSv3 | TCP/UDP | Bi-directional | Used to provide NFS lockd services. lockd is the NFS file-locking daemon. It processes lock requests from NFS clients and works in conjunction with the statd daemon. If closed, NAS lockd services will be unavailable. |
| 4002 | RQUOTAD for NFSv3 | TCP/UDP; UDP | Inbound; Outbound | Used to provide NFS rquotad services. The rquotad daemon provides quota information to NFS clients that have mounted a file system. If closed, NAS rquotad services will be unavailable. |
| 4003 | XATTRPD (extended file attribute) | TCP/UDP | Inbound | Required for managing file attributes in a multi-protocol environment. |
| 4658 | PAX (NAS server archive) | TCP | Inbound | PAX is an appliance archive protocol that works with standard UNIX tape formats. |
| 8888 | RCPD (replication data path) | TCP | Inbound | Used by the replicator (on the secondary side). It is left open by the replicator as soon (row continues on next page) |
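As an added example (not from the Dell guide): a small Python audit that transcribes the rows of Table 3 above, expands the IPsec row into UDP/500 plus IP protocols 50 (ESP) and 51 (AH) in both directions as its description requires, and reports which services the table says become unavailable for a given set of permitted flows. The `in`/`out` flow model and the nftables `inet filter` table name are assumptions.

```python
from collections import defaultdict

# Rows transcribed from Table 3 on this page as (service, L4 protocols, directions, port).
# rquotad appears twice because the table gives "TCP/UDP; UDP" for "Inbound; Outbound".
TABLE3_FILE = [
    ("Kerberos",          ("tcp", "udp"), ("out",),      464),
    ("IPsec (IKEv2)",     ("udp",),       ("in", "out"), 500),
    ("LDAPS",             ("tcp", "udp"), ("out",),      636),
    ("NFS mountd",        ("tcp", "udp"), ("in", "out"), 1234),
    ("SSHD",              ("tcp",),       ("in",),       2000),
    ("NFS I/O",           ("tcp", "udp"), ("in", "out"), 2049),
    ("LDAP",              ("udp",),       ("out",),      3268),
    ("STATD for NFSv3",   ("tcp", "udp"), ("in", "out"), 4000),
    ("NLMD for NFSv3",    ("tcp", "udp"), ("in", "out"), 4001),
    ("RQUOTAD for NFSv3", ("tcp", "udp"), ("in",),       4002),
    ("RQUOTAD for NFSv3", ("udp",),       ("out",),      4002),
    ("XATTRPD",           ("tcp", "udp"), ("in",),       4003),
    ("PAX",               ("tcp",),       ("in",),       4658),
    ("RCPD",              ("tcp",),       ("in",),       8888),
]
# The IPsec row also requires IP protocol 50 (ESP) and 51 (AH) in both directions;
# these carry no L4 port, so the port field is None.
IPSEC_EXTRA = {(d, p, None) for d in ("in", "out") for p in (50, 51)}

def required_flows():
    """Map each service to the set of (direction, protocol, port) flows it needs open."""
    flows = defaultdict(set)
    for service, protos, dirs, port in TABLE3_FILE:
        for d in dirs:
            for p in protos:
                flows[service].add((d, p, port))
    flows["IPsec (IKEv2)"] |= IPSEC_EXTRA
    return dict(flows)

def unavailable_services(allowed):
    """Services the table says become unavailable when `allowed` is the permitted flow set."""
    return sorted(s for s, need in required_flows().items() if not need <= allowed)

def nft_rules():
    """Render nftables rule lines (assumed 'inet filter' table) for every flow in Table 3."""
    lines = []
    for service, need in sorted(required_flows().items()):
        for d, p, port in sorted(need, key=str):
            chain = "input" if d == "in" else "output"
            match = f"ip protocol {p}" if port is None else f"{p} dport {port}"
            lines.append(f'add rule inet filter {chain} {match} accept comment "{service}"')
    return lines
```

Feed `unavailable_services` the flow set your firewall actually permits to see which rows of the table a given policy would break.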
Communication security settings
29