Unsolved
This post is more than 5 years old
8 Posts
0
101495
Ports / Firewall
Hello,
I've been working with my Security team to get the right ports opened for OIVV. We have opened everything listed here:
With regards to ports 2049 and 4001-4004, they are listed as being UDP. However, we see them as TCP on our firewall. We would like to confirm which protocol these ports should be. Thanks!
dougrowland
6 Posts
0
June 18th, 2014 14:00
At least you got that much. I went off an ealier document:
http://en.community.dell.com/techcenter/systems-management/w/wiki/3840.ports-used-by-the-openmanage-integration-for-vmware-vcenter.aspx
It didn't mention port 111 for NFS. So I got my firewall request approved and implemented, but it won't mount the directory for patch updates (or ESX installs). Anyway, I got the firewall guys to run a report. The firewall is blocking port 111 and port 635. I can't find a reference to 635 anywhere except that it is used for NFS. I wonder if 635 will still be needed if I get port 111 opened up?
Z0nker
8 Posts
0
June 18th, 2014 15:00
Interesting...we didn't open 635, but it could be because 111 was open. We ended up having to open the following from the oivv appliance to the ESXi hosts:
UDP 162
HTTPS 443
TCP 111
TCP 4001-4003
TCP 2049
This seems to be working as I have been pushing out firmware updates and using the iDRAC functionality without any issues.
Greevous
6 Posts
0
July 7th, 2014 12:00
Z0nker,
When you say that you had those ports opened up to the ESXi host, did you mean from the appliance to the iDRAC or to the management interface of the ESXi host?
please advise.
Thanks
Greevous
Greevous
6 Posts
0
July 7th, 2014 14:00
I'll try this first thing tomorrow morning and let you know.
Really appreciate the help.
Thanks.
dougrowland
6 Posts
0
July 7th, 2014 14:00
ugh. Forum truncated my table. Let's try again:
or subnet
dougrowland
6 Posts
0
July 7th, 2014 14:00
I realize you are asking Z0nker, but here's what I originally requested:
(If Applicable)
or subnet
(If Applicable)
or subnet
Everything seemed to work except mounting of the NFS shares, I now have another request into security to get port 111 opened up.
(If Applicable)
or subnet
(If Applicable)
or subnet
111
Hopefully it will work fine after that.
Z0nker
8 Posts
0
July 8th, 2014 08:00
Sorry...was away on vacation.
Just to clarify, we had to open communication from the oivv appliance to the iDRAC interfaces.
Greevous
6 Posts
0
July 8th, 2014 12:00
I'm still waiting on the firewall team to open the ports. Does oiw work in your environment?
This is the message I get when it breaks:
[Firmware Update] File: R810_BIOS_F6M82_WN32_2.9.0.EXE - Status: Failed - Message: iDRAC - The remote share location that has the ISO/DUP image did not mount correctly.
Greevous
6 Posts
0
July 14th, 2014 07:00
Still no luck. working with Dell to resolve this issue. I'll let you know how it turns out.
Greevous
6 Posts
0
July 14th, 2014 15:00
It works!
I asked the firewall team to allow me read-only access to the firewall logs and I noticed that port tcp111 and tcp 635 were being blocked on one of the two firewalls between the iDRAC and the virtual appliance. They just pushed the new rule set and bingo, it works now.
Thanks everyone for your help and input! much appreciate.
Greevous
dougrowland
6 Posts
0
July 15th, 2014 12:00
Also, what Gen servers are you talking to? We are mostly M915's (Gen 11 / iDrac 6).
Just wondering if it is different with Gen12 / iDrac 7?
dougrowland
6 Posts
0
July 15th, 2014 12:00
Congrats. Does it seem to work as advertised?
I'm still having issues. I got 111 opened up last week. It still fails trying to mount the NFS share. I'm guessing I should have had 635 opened also. I'm waiting on my firewall guys to get back with me.
This is very frustrating.
Greevous
6 Posts
0
September 15th, 2014 16:00
Sorry for the long delay in response to sum it up here is what I have:
The Admin IP is any host you want to use to manage the OMI Appliance from.
It gets you to the OMI's web interface.
It is a little clunky, but it does work as advertised.
Greevous