Firewall and OCI Security Rules Considerations
This section provides an overview of the firewall and/or cloud security configuration requirements when running Charon-SSP.
The ports used by Charon-SSP vary with the applications running on the host system and on the guest Solaris system, and with the Charon-SSP features that are configured. The information in this section is provided for guidance only and cannot be complete.
If an SSH VPN tunnel is used to access the Charon-SSP host and guest systems, only the SSH port needs to be reachable. All other applications can run through the encrypted tunnel.
The following table provides an overview of the most frequently used network ports in a Charon-SSP installation. They must be taken into account when configuring firewalls and cloud security rules that allow access to the Charon-SSP installation.
Component | Port(s) | Purpose | Applicable to Cloud version |
---|---|---|---|
SSH, SFTP, SSH tunneling | 22 (TCP) | SSH access | Y |
Charon-SSP Agent | 9091 (TCP and UDP) | Communication with Charon-SSP Manager and Charon-SSP Director | Y |
Charon-SSP Agent | 9101 (UDP) | Communication with Charon-SSP Director | Y |
Graphics emulation | default: 11001 (TCP) | Mouse event data (port must be unique on host system) | Y |
Graphics emulation | default: 11000 (TCP) | Keyboard event data (port must be unique on host system) | Y |
Graphics emulation | default: 11100 (TCP), 11101 (TCP) | Remote screen emulation for single (one port) or dual (two ports) screen (default ports can be changed; must be unique on host system) | Y |
Telnet or TCP raw mode serial ports | default: 9000 (TCP) | Port to access emulated serial console or other emulated serial port via TCP. Port must be unique for each emulated port on host system. | Y |
Xephyr X-server | 6001-6100 (TCP); port specified in X11 server configuration | Determines the X DISPLAY number. For example: 6100 indicates DISPLAY :100. Must be unique on host system. | Y |
Xephyr X-server | 7100 (TCP) | Font-server port | Y |
Xephyr X-server | 177 (TCP and UDP) | XDMCP server | Y |
NFS server | 111 (TCP and UDP) | RPC portmapper | |
NFS server | ports assigned by portmapper | Use # rpcinfo -p to determine ports used (conventional product only) | |
NFS server | static port assignments | For example: setting RPCMOUNTDOPTS="-p port" in | |
VNC server on host system | 5901-5910 (TCP) | Actual port depends on VNC server configuration. Allows a remote client to access the VNC server on the host system. | |
License manager, license server | 1947 (TCP and UDP) | Access to web-based Sentinel ACC GUI, identification of remote network licenses served by license servers, using remote network licenses. | |
License manager, license server | 8080 (TCP) | Access to cloud license server. | Y |
License client | 30000 to 65535 (UDP) | Incoming answers from license servers if broadcast search is used. | |
PulseAudio server | 4713 (TCP) | Emulated audio device | Y |
iSCSI target | 3260 (TCP and UDP) | Required for the initiator to access the target. | |
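The table above expressed as data, with this section's SSH-tunnel rule and the "port must be unique on host system" caveat applied, as an added example that is not Stromasys code. It assumes firewalld on the host; the component keys and function names are this script's own.

```python
"""Firewall rule set for a Charon-SSP host, derived from the port table above.

Added example, not Stromasys code: port numbers are the table's defaults; the
component keys, function names and firewalld rendering are this script's own.
"""
from collections import Counter

# (component, ports, protocol) as listed in the table; ranges are "lo-hi".
DEFAULT_RULES = (
    ("ssh", "22", "tcp"),
    ("agent", "9091", "tcp"), ("agent", "9091", "udp"), ("agent", "9101", "udp"),
    ("graphics", "11000", "tcp"),        # keyboard event data
    ("graphics", "11001", "tcp"),        # mouse event data
    ("graphics", "11100-11101", "tcp"),  # remote screen(s)
    ("serial", "9000", "tcp"),           # emulated serial console
    ("xephyr", "6001-6100", "tcp"), ("xephyr", "7100", "tcp"),
    ("xephyr", "177", "tcp"), ("xephyr", "177", "udp"),
    ("nfs", "111", "tcp"), ("nfs", "111", "udp"),
    ("vnc", "5901-5910", "tcp"),
    ("license", "1947", "tcp"), ("license", "1947", "udp"), ("license", "8080", "tcp"),
    ("license-client", "30000-65535", "udp"),
    ("audio", "4713", "tcp"),
    ("iscsi", "3260", "tcp"), ("iscsi", "3260", "udp"),
)

def required_rules(components, ssh_tunnel=False, extra=()):
    """Rules to open for the components in use, always including SSH.
    With an SSH tunnel only port 22 is exposed; everything else rides inside
    it. 'extra' adds per-instance ports configured away from the defaults."""
    if ssh_tunnel:
        return [r for r in DEFAULT_RULES if r[0] == "ssh"]
    wanted = set(components) | {"ssh"}
    return [r for r in DEFAULT_RULES if r[0] in wanted] + list(extra)

def port_conflicts(rules):
    """(ports, proto) pairs claimed more than once. Emulated serial and
    graphics ports must be unique on the host, so a second instance left
    at the default collides. Exact match only; ranges are not expanded."""
    counts = Counter((ports, proto) for _, ports, proto in rules)
    return sorted(key for key, n in counts.items() if n > 1)

def firewalld_commands(rules):
    """Render as firewall-cmd invocations; follow with 'firewall-cmd --reload'."""
    return [f"firewall-cmd --permanent --add-port={p}/{proto}" for _, p, proto in rules]

if __name__ == "__main__":
    rules = required_rules({"agent", "serial"}, extra=[("serial", "9000", "tcp")])
    print("conflicts:", port_conflicts(rules))  # second instance still on 9000
    print("\n".join(firewalld_commands(required_rules({"agent", "serial"}))))
```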
© Stromasys, 1999-2024 - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.