Go to main content

Oracle® ILOM Security Guide For Firmware Releases 3.x and 4.x

Exit Print View

Updated: May 2019
 
 

Preconfigured Services and Network Ports

Oracle ILOM comes preconfigured with most services enabled by default. This makes the deployment of Oracle ILOM simple and straightforward. However, each open service network port on the server represents a potential attach point by a malicious user. It is therefore important to understand the initial Oracle ILOM settings, and their purpose, and to choose which services are actually required for a deployed system. For best security, enable only the required Oracle ILOM services.

The following table lists the services that are enabled by default with Oracle ILOM.

Table 4  Services and Ports Enabled by Default
Service
Port(s)
HTTP redirection to HTTPS
80
HTTPS
443
IPMI TLS client connections

Note -  IPMI TLS client connections are supported as of Oracle ILOM firmware 3.2.8 and later.

623 (TCP)
IPMI LAN and LANPLUS client connections
623 (UDP)
Remote KVMS for Oracle ILOM Remote Console
5120, 5121, 5122, 5123, 5555, 5556, 7578, 7579
Remote KVMS for Oracle ILOM Remote Console Plus
5120, 5555
Service Tag
6481
SNMP
161
Single Sign-on
11626
SSH
22

The following table shows the services that are disabled by default with Oracle ILOM.

Table 5  Services and Ports Disabled by Default
Service
Port(s)
HTTP
80