Charon-SSP V4.0.1 - Firewall and Cloud Security Configuration Considerations

This section provides an overview of the firewall and/or cloud security configuration requirements when running Charon-SSP.

Warning: the ports used by Charon-SSP can differ depending on the applications running on the host system and on the guest Solaris system, and on which Charon-SSP features are configured. The information in this section is for orientation only and cannot be complete for every installation.

Please note: if an SSH VPN tunnel is created to access the Charon-SSP host and guest systems, only the SSH port must be accessible. All other applications can run through the encrypted tunnel.

The following table provides an overview of the network ports most frequently used in a Charon-SSP installation. Take them into account when configuring firewalls and cloud security groups that allow access to the Charon-SSP installation.

| Component | Port(s) | Purpose | Applicable to Cloud version |
|---|---|---|---|
| SSH, SFTP, SSH tunneling | 22 (TCP) | SSH access; required for access to the Charon-SSP host command line, connecting to the Charon-SSP host using the Charon Manager's built-in SSH feature, SFTP file transfer, and SSH VPN tunnels. | Y |
| Charon-SSP Agent | 9091 (TCP and UDP) | Communication with Charon-SSP Manager and Charon-SSP Director | Y |
| Charon-SSP Agent | 9101 (UDP) | Communication with Charon-SSP Director | Y |
| Graphics emulation | default: 11001 (TCP) | Mouse event data (port must be unique on host system) | Y |
| Graphics emulation | default: 11000 (TCP) | Keyboard event data (port must be unique on host system) | Y |
| Graphics emulation | default: 11100 (TCP), 11101 (TCP) | Remote screen emulation for single (one port) or dual (two ports) screen (default ports can be changed; must be unique on host system) | Y |
| Telnet or TCP raw mode serial ports/serial console | default: 9000 (TCP) | Port to access the emulated serial console or another emulated serial port via TCP. The port must be unique for each emulated port on the host system. | Y |
| Xephyr X-server | 6001-6100 (TCP); port specified in X11 server configuration | Determines the X DISPLAY number. For example, 6100 indicates DISPLAY :100. Must be unique on host system. | Y |
| Xephyr X-server | 7100 (TCP) | Font-server port | Y |
| Xephyr X-server | 177 (TCP and UDP) | XDMCP server | Y |
| NFS server | 111 (TCP and UDP) | RPC portmapper | |
| NFS server | ports assigned by portmapper | Use rpcinfo -p (run as root) to determine the ports in use (conventional product only) | |
| NFS server | static port assignments | For example, setting RPCMOUNTDOPTS="-p port" in /etc/sysconfig/nfs adds "-p port" to the rpc.mount command (conventional product only) | |
| VNC server on host system | 5901-5910 (TCP) | Actual port depends on the VNC server configuration. Allows a remote client to access the VNC server on the host system. | |
| License manager, license server | 1947 (TCP and UDP) | Access to the web-based Sentinel ACC GUI, identification of remote network licenses served by license servers, use of remote network licenses. | |
| License manager, license server | 8080 (TCP) | Access to cloud license server. | Y |
| License client | 30000 to 65535 (UDP) | Incoming answers from license servers if broadcast search is used. | |
| PulseAudio server | 4713 (TCP) | Emulated audio device | Y |
| iSCSI target | 3260 (TCP and UDP) | Required for the initiator to access the target. | |

A blank cell in the last column means the entry is not marked as applicable to the cloud version.
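The table above turned into a host firewall, as an added example that is not part of the Stromasys documentation: a bash script that generates an nftables ruleset opening only the documented Charon-SSP ports, with the Agent, graphics, serial-console and SSH ports limited to a management network and the license port limited to the license server. The port numbers are the defaults from the table; the management network 10.10.0.0/24 and license server 10.10.0.50 are constructed values, and the NFS, VNC and iSCSI rows are deliberately left closed.

```shell
#!/usr/bin/env bash
# Added example, not Stromasys code: emit an nftables ruleset for a
# Charon-SSP host based on the port table. Addresses are constructed;
# override them via the environment for a real deployment.
set -eu

MGMT_NET="${MGMT_NET:-10.10.0.0/24}"      # assumed admin/Manager network
LICENSE_SRV="${LICENSE_SRV:-10.10.0.50}"  # assumed Sentinel license server

# Print the ruleset on stdout. Default policy is drop, so anything not
# listed in the table (or not configured on this host) stays closed.
charon_nft_ruleset() {
  cat <<EOF
table inet charon {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif lo accept
    ct state invalid drop
    # SSH: host CLI, Charon Manager built-in SSH, SFTP, SSH VPN tunnels
    ip saddr $MGMT_NET tcp dport 22 accept
    # Charon-SSP Agent <-> Manager (9091) and Director (9091, 9101)
    ip saddr $MGMT_NET tcp dport 9091 accept
    ip saddr $MGMT_NET udp dport { 9091, 9101 } accept
    # Graphics emulation: keyboard 11000, mouse 11001, screens 11100-11101
    ip saddr $MGMT_NET tcp dport { 11000, 11001, 11100, 11101 } accept
    # Emulated serial console over TCP (default port 9000)
    ip saddr $MGMT_NET tcp dport 9000 accept
    # Sentinel license manager, only from the license server
    ip saddr $LICENSE_SRV tcp dport 1947 accept
    ip saddr $LICENSE_SRV udp dport 1947 accept
  }
}
EOF
}

# Number of accept rules keyed on a destination port; a quick sanity check
# that no undocumented service has been added to the ruleset.
charon_rule_count() { charon_nft_ruleset | grep -c 'dport'; }

if [ "${1:-}" = "--print" ]; then
  charon_nft_ruleset
fi
```

Apply the output with `charon_nft_ruleset | sudo nft -f -` after reviewing it; if the host also serves NFS, VNC or iSCSI, add those rows from the table with the same source restriction.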


© Stromasys, 1999-2024  - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.