Data Services
The following table provides a description and ports used for each data
service.
Table 1 Data Services
|
|
|
NFS
|
Filesystem access via the NFSv3 and NFSv4 protocols
|
111 and 2049
|
iSCSI
|
LUN access via the iSCSI protocol
|
3260 and 3205
|
SMB
|
Filesystem access via the SMB protocol
|
SMB-over-NetBIOS 139
SMB-over-TCP 445
NetBIOS Datagram 138
NetBIOS Name Service 137
|
Virus Scan
|
Filesystem virus scanning
|
|
FTP
|
Filesystem access via the FTP protocol
|
21
|
HTTP
|
Filesystem access via the HTTP protocol
|
80
|
HTTPS
|
For incoming secure connections
|
443
|
NDMP
|
NDMP host service
|
10000
|
Remote Replication
|
Remote replication
|
216 and 217
|
Encryption
|
Transparent encryption for file systems and LUNs
|
|
Shadow Migration
|
Shadow data migration
|
|
SFTP
|
Filesystem access via the SFTP protocol
|
218
|
TFTP
|
Filesystem access via the TFTP protocol
|
|
Storage Area Network
|
Storage Area Network target and initiator groups
|
|
|
Minimum Needed Ports
To provide security on a network, you can create firewalls. Port numbers are used
for creating firewalls, and they uniquely identify a transaction over a network by
specifying the host and the service.
The following list shows the minimum ports required for creating firewalls:
Inbound Ports
-
icmp/0-65535 (PING)
-
tcp/1920 (EM)
-
tcp/215 (BUI)
-
tcp/22 (SSH)
-
udp/161 (SNMP)
Additional inbound ports if HTTP file sharing is used (typically it is
not):
-
tcp/443 (SSL WEB)
-
tcp/80 (WEB)
Outbound Ports
Note -
For replication, use Generic Routing Encapsulation (GRE) tunnels where
possible. This lets traffic run on the back-end interfaces and avoid the
firewall where traffic could be slowed. If GRE tunnels are not available on the
NFS core, you must run replication over the front-end interface. In this case,
port 216 and port 217 must also be open.