This section provides an overview of the firewall and/or AWS security group requirements when running Charon-SSP.
The ports used by Charon-SSP depend on the applications running on the host system and on the guest Solaris system, and on the Charon-SSP features that have been configured. The information in this section is informational only and cannot be complete for every installation; verify which ports are actually listening on the host (for example with ss -ltnu) before finalizing firewall rules.
Please note: if an SSH (VPN) tunnel is used to access the Charon-SSP host and guest systems, only the SSH port (22/TCP) must be reachable from outside. All other applications can run through the encrypted tunnel, which also protects protocols such as the Telnet serial console that carry no encryption of their own.
The following table provides an overview of the most frequently used network ports in a Charon-SSP installation. They must be taken into account when configuring firewalls and AWS security groups that allow access to the Charon-SSP installation; restrict each rule to the source addresses that actually need access rather than opening the port to everyone.
Component | Port(s) | Purpose | Applicable to AWS version |
---|---|---|---|
SSH, SFTP, SSH tunneling | 22 (TCP) | SSH access; required for | Y |
Charon-SSP Agent | 9091 (TCP and UDP) | Communication with Charon-SSP Manager and Charon-SSP Director | Y |
Charon-SSP Agent | 9101 (UDP) | Communication with Charon-SSP Director | Y |
Graphics emulation | default: 11001 (TCP) | Mouse event data (port must be unique on host system) | Y |
Graphics emulation | default: 11000 (TCP) | Keyboard event data (port must be unique on host system) | Y |
Graphics emulation | default: 11100 (TCP), 11101 (TCP) | Remote screen emulation for single (one port) or dual (two ports) screen; the default ports can be changed and must be unique on host system | Y |
Telnet or TCP raw mode serial ports/serial console | default: 9000 (TCP) | Access to the emulated serial console or other emulated serial port via TCP; the port must be unique for each emulated port on the host system | Y |
Xephyr X-server | 6001-6100 (TCP); port specified in X11 server configuration | Determines the X DISPLAY number (for example, 6100 indicates DISPLAY :100); must be unique on host system | Y |
Xephyr X-server | 7100 (TCP) | Font-server port | Y |
Xephyr X-server | 177 (TCP and UDP) | XDMCP server | Y |
NFS server | 111 (TCP and UDP) | RPC portmapper | |
NFS server | ports assigned via portmapper by default | run rpcinfo -p as root to list the ports in use (conventional product only) | |
NFS server | static port assignments | For example: setting RPCMOUNTDOPTS="-p port" in | |
VNC server on host system | 5901-5910 (TCP) | Actual port depends on the VNC server configuration; allows a remote client to access the VNC server on the host system | |
License manager, license server | 1947 (TCP and UDP) | Access to the web-based Sentinel ACC GUI, identification of remote network licenses served by license servers, use of remote network licenses | |
License manager, license server | 8080 (TCP) | Access to cloud license server | Y |
License client | 30000 to 65535 (UDP) | Incoming answers from license servers if broadcast search is used | |
PulseAudio server | 4713 (TCP) | Emulated audio device | Y |
iSCSI target | 3260 (TCP and UDP) | Required for the initiator to access the target | |
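As an added example (this is not Charon-SSP code or part of its documentation), the following Python script shows how the note on SSH tunneling and the table above translate into concrete rules: it builds the AWS security-group ingress list for a chosen set of components restricted to an administrative CIDR, collapses that to a single port-22 rule plus the matching ssh -L command when everything rides the tunnel, flags graphics or serial ports reused between emulator instances on one host (the table requires them to be unique), and compares the output of ss -Hltnu on the host with the expected port set. The host name ec2-host, the user charon, the instance names and the ss sample are constructed; treating the SSH, Agent, graphics and serial rows as the services that listen on the host is an assumption of this example, and the port numbers are the table's defaults.

```python
"""Added example, not part of Charon-SSP or its documentation.

Turns the port table into (a) an AWS security-group ingress rule list
restricted to an admin CIDR, or (b) a port-22-only rule plus the ssh -L
command when everything rides an SSH tunnel, (c) a uniqueness check for
per-instance host ports, and (d) an audit of a host's actual listeners.
Host name, user, instance names and the ss output below are constructed.
"""
import ipaddress
from collections import Counter

# Table rows whose service listens on the Charon-SSP host (assumption of this
# example); values are the table's defaults.
# Format: component -> [(protocol, first_port, last_port)]
HOST_PORTS = {
    "ssh":      [("tcp", 22, 22)],
    "agent":    [("tcp", 9091, 9091), ("udp", 9091, 9091), ("udp", 9101, 9101)],
    "graphics": [("tcp", 11000, 11001), ("tcp", 11100, 11101)],
    "serial":   [("tcp", 9000, 9000)],
}


def sg_ingress(components, admin_cidr, tunnel_only=False):
    """IpPermissions for `aws ec2 authorize-security-group-ingress`.

    SSH is always included. With tunnel_only=True nothing else is opened,
    because the other services are reached through the SSH tunnel instead.
    A world-open source (/0) is rejected: these ports give console access.
    """
    net = ipaddress.ip_network(admin_cidr, strict=False)
    if net.prefixlen == 0:
        raise ValueError("source must be a specific admin CIDR, not /0")
    wanted = ["ssh"] if tunnel_only else ["ssh", *components]
    perms = []
    for name in dict.fromkeys(wanted):          # de-duplicate, keep order
        for proto, lo, hi in HOST_PORTS[name]:
            perms.append({
                "IpProtocol": proto, "FromPort": lo, "ToPort": hi,
                "IpRanges": [{"CidrIp": str(net),
                              "Description": f"charon-ssp {name}"}],
            })
    return perms


def ssh_tunnel_cmd(host, user, forwards):
    """ssh command mapping host-side ports onto the client's localhost.

    forwards: [(local_port, remote_port)], e.g. serial console and VNC.
    The services must listen on the host's loopback or on all interfaces.
    """
    opts = " ".join(f"-L {lp}:127.0.0.1:{rp}" for lp, rp in forwards)
    return f"ssh -N {opts} {user}@{host}"


def clashing_host_ports(instances):
    """Graphics/serial ports must be unique per host; return reused ports.

    instances: {instance_name: [ports configured for that emulator instance]}
    """
    counts = Counter(p for ports in instances.values() for p in ports)
    return sorted(p for p, n in counts.items() if n > 1)


def audit_listeners(ss_output, expected):
    """Compare `ss -Hltnu` output with the expected port set.

    Returns (unexpected, missing): listeners the rule set does not cover,
    and expected ports with no listener (feature not enabled, or a rule
    that can be dropped).
    """
    listening = set()
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        local = fields[4]                       # "0.0.0.0:22" or "[::]:22"
        listening.add(int(local.rsplit(":", 1)[1]))
    return sorted(listening - set(expected)), sorted(set(expected) - listening)


# Constructed sample of `ss -Hltnu` output from a Charon-SSP host.
SAMPLE_SS = """\
tcp   LISTEN 0  128  0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0  128  0.0.0.0:11000  0.0.0.0:*
udp   UNCONN 0  0    0.0.0.0:9091   0.0.0.0:*
tcp   LISTEN 0  5    127.0.0.1:5901 0.0.0.0:*
"""

if __name__ == "__main__":
    print(sg_ingress(["graphics", "serial"], "203.0.113.0/24"))
    print(sg_ingress(["graphics", "serial"], "203.0.113.0/24", tunnel_only=True))
    print(ssh_tunnel_cmd("ec2-host", "charon", [(9000, 9000), (5901, 5901)]))
    print(clashing_host_ports({"vm1": [11000, 11001, 9000],
                               "vm2": [11000, 11002, 9001]}))
    print(audit_listeners(SAMPLE_SS, {22, 9091, 11000, 11001, 9000}))
```

The audit deliberately reports both directions: a listener the rule set does not know about (here the VNC server on 5901) is a service that is either reachable without a rule on the host firewall or will be blocked by the security group, and an expected port with no listener is a rule that opens nothing today but will silently become live when that feature is enabled.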