Data Services
The following table provides a description and ports used for each data service.
Table 1-1 Data Services
| Service | Description | Ports Used |
|---|---|---|
|
NFS |
Filesystem access via the NFSv3 and NFSv4 protocols |
111 and 2049 |
|
iSCSI |
LUN access via the iSCSI protocol |
3260 and 3205 |
|
SMB |
Filesystem access via the SMB protocol |
SMB-over-NetBIOS 139 SMB-over-TCP 445 NetBIOS Datagram 138 NetBIOS Name Service 137 |
|
Virus Scan |
Filesystem virus scanning |
|
|
FTP |
Filesystem access via the FTP protocol |
21 |
|
HTTP |
Filesystem access via the HTTP protocol |
80 |
|
HTTPS |
For incoming secure connections |
443 |
|
NDMP |
NDMP host service |
10000 |
|
Remote Replication |
Remote replication |
216 and 217 |
|
Encryption |
Transparent encryption for file systems and LUNs |
|
|
Shadow Migration |
Shadow data migration |
|
|
SFTP |
Filesystem access via the SFTP protocol |
218 |
|
TFTP |
Filesystem access via the TFTP protocol |
|
|
Storage Area Network |
Storage Area Network target and initiator groups |
Minimum Needed Ports
To provide security on a network, you can create firewalls. Port numbers are used for creating firewalls, and they uniquely identify a transaction over a network by specifying the host and the service.
The following list shows the minimum ports required for creating firewalls:
Inbound Ports
-
icmp/0-65535 (PING)
-
tcp/1920 (EM)
-
tcp/215 (BUI)
-
tcp/22 (SSH)
-
udp/161 (SNMP)
Additional inbound ports if HTTP file sharing is used (typically it is not):
-
tcp/443 (SSL WEB)
-
tcp/80 (WEB)
Outbound Ports
-
tcp/80 (WEB)
Note:
For replication, use Generic Routing Encapsulation (GRE) tunnels where possible. This lets traffic run on the back-end interfaces and avoid the firewall where traffic could be slowed. If GRE tunnels are not available on the NFS core, you must run replication over the front-end interface. In this case, port 216 and port 217 must also be open.