Firewall requirements for CommandCentral

Article:HOWTO16643  |  Created: 2009-01-11  |  Updated: 2010-12-07  |  Article URL http://www.symantec.com/docs/HOWTO16643
Article Type
How To



CommandCentral components use several ports to discover, monitor, and manage your storage infrastructure.

If CommandCentral cannot communicate across these ports, certain features do not function properly. Note the following examples:

  • The Management Server communicates with Standard Agents and Control Hosts through port 1556. If this port is blocked, the Management Server cannot receive discovery data from Standard Agents and Control Hosts.

    See About the Standard Agent.

    See About the Control Host.

  • The Management Server communicates with Unified Agents through port 5634. If this port is blocked, the Management Server cannot receive discovery data from the Unified Agent.

    See About the Unified Agent.

  • The CommandCentral Console is accessible through port 8443. If this port is blocked, users cannot access the Console.

    See About the Management Server.

The table "CommandCentral default port assignments" identifies the default ports that CommandCentral components use to transfer information. Ensure that these ports are accessible to CommandCentral.

Note:

The following ports are for communication between CommandCentral components. When CommandCentral discovers devices, it uses ports to communicate between its device explorers and command line tools from hardware vendors. For information about the specific ports that are required to communicate between device explorers and device controllers, see the CommandCentral Hardware and Software Configuration Guide.

Note:

If you install the Management Server on Windows and the host has the Windows Firewall enabled, open port 4032 or disable the Windows Firewall. If you do not make one of these changes, authorization commands may hang.

Table: CommandCentral default port assignments

| Port | Protocol | Initiator - Recipient | Bidirectional? | Purpose | Impact if blocked |
|------|----------|-----------------------|----------------|---------|-------------------|
| 22 | TCP | Management Server or Control Host - remote UNIX host | Yes | Agentless discovery of remote UNIX hosts | Incomplete discovery |
| 135 | TCP | Management Server or Control Host - remote Windows host | Yes | Agentless discovery of remote Windows hosts | Incomplete discovery |
| 161 | SNMP | Devices - Alarm Service on Management Server | No | Alert and performance data in CommandCentral Storage | Incomplete alert and performance data in CommandCentral Storage |
| 162 | UDP | Management Server - other | No | UDP traps, sent as a notification mechanism | Cannot use traps to send information to another management application |
| 162 | UDP | Devices - Management Server | No | UDP traps, used as a data source for monitoring the storage network | Cannot use traps as a backup mechanism for SNMP polling |
| 1556 | CORBA | Various communications to and from the Management Server, Authentication Broker, Control Hosts, and Standard Agents | No | Authentication, monitoring, discovery, etc. | CommandCentral does not function |
| 1556 | CORBA | Simple Instrumentation Collection Layer on the Standard Agent and Control Host - Alert Manager on the Management Server | Yes | Alert and performance data in CommandCentral Storage | Incomplete alert and performance data in CommandCentral Storage |
| 1885 | TCP/IP | Alarm Service on the Management Server - Alert Manager on the Management Server | No | Trap sharing | None - the port is not used across the firewall |
| 2821 | TCP/UDP | Web Engine on the Management Server - Authentication Service running within Symantec Web Server (VRTSweb) | No | User authentication | Cannot log in to the Console |
| 2821 | TCP/UDP | Authentication Service running within Symantec Web Server (VRTSweb) - Authentication Service and Authorization Service on the Management Server | No | User authorization | Cannot log in to the Console |
| 2994 | JDBC | Database on the Management Server - Web Engine on the Management Server | Yes | Store settings | None - the port is not used across the firewall |
| 2994 | JDBC | Database on the Management Server - Central HAL Manager (CHM) on the Management Server | No | Agent discovery and store settings | None - the port is not used across the firewall |
| 2994 | JDBC | Database on the Management Server - Alert Manager on the Management Server | Yes | Policy, collectors, alerts, and store settings | None - the port is not used across the firewall |
| 5634 | TCP | Unified Agents - Management Server and Control Hosts - Management Server | Yes | Obtain discovery information from Unified Agents and communication between Control Hosts and the Management Server | Incomplete discovery data |
| 8181 | HTTP over TCP/IP | Web browser - Web Engine on the Management Server | Yes | Runs the Console | No access to the Console |
| 8443 | HTTPS over TCP/IP | Web Browser - Web Engine on the Management Server | Yes | Runs the Console | No access to the Console |
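
To confirm from an agent, Control Host, or administrator workstation that a firewall is not dropping the Management Server ports listed in the table, a TCP connect check like the following can be used. This is an added example, not part of the original article or of CommandCentral; the names probe, check and MS_PORTS are made up for the example, and it assumes that the CORBA traffic on port 1556 is carried over TCP.

```python
import errno
import socket

# TCP ports on the Management Server with the "Impact if blocked" text from
# the table above. Treating CORBA on 1556 as TCP is an assumption.
# Omitted: 161/162 (SNMP/UDP cannot be verified with a TCP connect) and
# 1885/2994 (the table says they are not used across the firewall).
MS_PORTS = {
    1556: "CommandCentral does not function",
    2821: "Cannot log in to the Console",
    5634: "Incomplete discovery data",
    8181: "No access to the Console",
    8443: "No access to the Console",
}

def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'error' for one TCP connect."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"   # a RST came back: nothing is listening, or a firewall rejects
    except socket.timeout:
        return "filtered"  # no answer at all: typical of a firewall silently dropping
    except OSError as e:
        # ICMP unreachable replies usually come from a router or rejecting firewall
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        return "error"     # name resolution failure and similar
    finally:
        s.close()

def check(host, ports=MS_PORTS, timeout=3.0):
    """Probe each port; return {port: (state, impact text or None if open)}."""
    report = {}
    for port, impact in sorted(ports.items()):
        state = probe(host, port, timeout)
        report[port] = (state, None if state == "open" else impact)
    return report

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, (state, impact) in check(host).items():
        print(f"{port:>5}/tcp {state:<8} {impact or ''}")
```

A "filtered" result points at the firewall, while "refused" usually means the path is open but the component behind that port is not running.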


Legacy ID



v9298283_v15597848

