This section provides an overview of the firewall and/or AWS security group requirements when running Charon-SSP.

Warning: The ports used by Charon-SSP can differ depending on the applications running on the host system and on the guest Solaris system. They also depend on the configured Charon-SSP features. The information in this section is informational only and can never be totally complete.

Please note: if an SSH VPN tunnel is created to access the Charon-SSP host and guest systems, only the SSH port must be accessible. All other applications can run through the encrypted tunnel.

The following table provides an overview of the most frequently used network ports in a Charon-SSP installation. They must be taken into account when configuring firewalls and AWS security groups allowing access to the Charon-SSP installation.

...

SSH access; required for

  • access to the Charon-SSP host command-line,
  • connecting to the Charon-SSP host using the Charon Manager's built-in SSH feature,
  • SFTP file transfer, and
  • SSH VPN tunnels.

Y

...

Charon-SSP Agent

...

9091 (TCP and UDP)

...

Communication with Charon-SSP Manager and Charon-SSP Director

...

Communication with Charon-SSP Director

...

Graphics emulation

...

default: 11001 (TCP)

...

Mouse event data (port must be unique on host system)

...

default: 11000 (TCP)

...

Keyboard event data (port must be unique on host system)

...

default: 11100 (TCP), 11101 (TCP)

...

Remote screen emulation for single (one port) or dual (two ports) screen (default ports can be changed; must be unique on host system)

...

Telnet or TCP raw mode serial ports/serial console

...

default: 9000 (TCP)

...

Port to access emulated serial console or other emulated serial port via TCP. Port must be unique for each emulated port on host system.

Y

...

Xephyr X-server

...

6001-6100 (TCP); port specified in X11 server configuration

...

Determines the X DISPLAY number. For example: 6100 indicates DISPLAY :100. Must be unique on host system.

...

7100 (TCP)

...

Font-server port

...

177 (TCP and UDP)

...

XDMCP server

...

NFS server

...

111 (TCP and UDP)

...

RPC portmapper

...

ports assigned by portmapper

...

use # rpcinfo -p to determine ports used (conventional product only)

...

static port assignments

...

For example: setting RPCMOUNTDOPTS="-p port" in /etc/sysconfig/nfs will add "-p port" to the rpc.mountd command (conventional product only).

...

VNC server on host system

...

5901-5910 (TCP)

...

Actual port depends on VNC server configuration. Allow a remote client to access the VNC server on the host system.

...

License manager, license server

...

1947 (TCP and UDP)

...

Access to web-based Sentinel ACC GUI, identification of remote network licenses served by license servers, using remote network licenses.

...

License client

...

30000 to 65535 (UDP)

...

Incoming answers from license servers if broadcast search is used.

...

PulseAudio server

...

4713 (TCP)

...

Emulated audio device

...

iSCSI target

...

3260 (TCP and UDP)

...

Required for the initiator to access the target.
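
As an added illustration of the SSH tunnel note and the port table above (not Charon-SSP or vendor code), the following Python example flags security group ingress rules that expose any of the listed default ports to all addresses. The rule data is constructed, SSH on port 22 is an assumption, and installations that changed the default ports must adjust the table in the code.

```python
# Added example (not vendor code): flag security-group ingress rules that expose
# ports from the table above to any address. Rules use the IpPermissions shape
# returned by EC2 DescribeSecurityGroups; SAMPLE_RULES is constructed data.
BOTH = ("tcp", "udp")
CHARON_PORTS = [  # (first, last, protocols, service), defaults listed on this page
    (9091, 9091, BOTH, "Charon-SSP Agent"),
    (11000, 11001, ("tcp",), "graphics emulation keyboard/mouse data"),
    (11100, 11101, ("tcp",), "remote screen emulation"),
    (9000, 9000, ("tcp",), "emulated serial console"),
    (6001, 6100, ("tcp",), "Xephyr X-server"),
    (7100, 7100, ("tcp",), "font server"),
    (177, 177, BOTH, "XDMCP server"),
    (111, 111, BOTH, "RPC portmapper"),
    (5901, 5910, ("tcp",), "VNC server"),
    (1947, 1947, BOTH, "license manager/server"),
    (30000, 65535, ("udp",), "license client broadcast answers"),
    (4713, 4713, ("tcp",), "PulseAudio server"),
    (3260, 3260, BOTH, "iSCSI target"),
]
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def world_open(rule):
    """True if the rule admits traffic from any IPv4 or IPv6 address."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(c in OPEN_CIDRS for c in cidrs)

def audit(rules):
    """Return (service, first, last) for each listed range a world-open rule covers."""
    findings = []
    for rule in rules:
        proto = rule["IpProtocol"]
        if proto not in ("tcp", "udp", "-1") or not world_open(rule):
            continue  # ICMP etc. carry no ports; restricted sources are not flagged
        # Protocol "-1" means all traffic, so every port is covered.
        lo, hi = (0, 65535) if proto == "-1" else (rule["FromPort"], rule["ToPort"])
        for first, last, protos, service in CHARON_PORTS:
            if (proto == "-1" or proto in protos) and lo <= last and first <= hi:
                findings.append((service, first, last))
    return findings

SAMPLE_RULES = [  # constructed; port 22 for SSH is an assumption, not from the page
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 5900, "ToPort": 5905, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 9091, "ToPort": 9091, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "udp", "FromPort": 1947, "ToPort": 1947, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]

if __name__ == "__main__":
    for service, first, last in audit(SAMPLE_RULES):
        print(f"world-open: {service} ({first}-{last})")
```

The SSH rule is not reported because, with an SSH tunnel in place, it is the only port that has to be reachable; the Agent rule is not reported because its source is restricted.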

Charon-SSP V4.0.1 - Firewall and Cloud Security Configuration Considerations