June 10th, 2014 07:00

Ports / Firewall

Hello,

I've been working with my Security team to get the right ports opened for OIVV. We have opened everything listed here:

http://www.dell.com/support/manuals/us/en/19/Topic/dell-mgmt-plugin-for-vmware-center-2.0/OMIvCentervSp20UG-v1/en-us/GUID-01272AC9-C9CA-4B46-B0E5-F875DFA56054

With regards to ports 2049 and 4001-4004, they are listed as being UDP. However, we see them as TCP on our firewall. We would like to confirm which protocol these ports should be. Thanks!

June 18th, 2014 14:00

At least you got that much.  I went off an earlier document:

http://en.community.dell.com/techcenter/systems-management/w/wiki/3840.ports-used-by-the-openmanage-integration-for-vmware-vcenter.aspx

It didn't mention port 111 for NFS.  So I got my firewall request approved and implemented, but it won't mount the directory for patch updates (or ESX installs).   Anyway, I got the firewall guys to run a report.  The firewall is blocking port 111 and port 635.  I can't find a reference to 635 anywhere except that it is used for NFS.  I wonder if 635 will still be needed if I get port 111 opened up?

June 18th, 2014 15:00

Interesting...we didn't open 635, but it could be because 111 was open. We ended up having to open the following from the oivv appliance to the ESXi hosts:

UDP 162

HTTPS 443

TCP 111

TCP 4001-4003

TCP 2049

This seems to be working as I have been pushing out firmware updates and using the iDRAC functionality without any issues.

July 7th, 2014 12:00

Z0nker,

When you say that you had those ports opened up to the ESXi host, did you mean from the appliance to the iDRAC or to the management interface of the ESXi host?

Please advise.

Thanks


Greevous

July 7th, 2014 14:00

I'll try this first thing tomorrow morning and let you know.


Really appreciate the help.


Thanks.

July 7th, 2014 14:00

Ugh.  Forum truncated my table.  Let's try again:

| Source Host | Source IP address or subnet | TCP or UDP? | Dest Host | Dest IP | Dest Port |
|---|---|---|---|---|---|
| omvcenter | 172.31.16.100 | UDP | ESXi hosts | | 162 |
| omvcenter | 172.31.16.100 | UDP | ESXi hosts | | 11620 |
| omvcenter | 172.31.16.100 | TCP | ESXi hosts | | 443 |
| omvcenter | 172.31.16.100 | TCP | iDracs | | 443 |
| omvcenter | 172.31.16.100 | TCP | iDracs | | 4433 |
| omvcenter | 172.31.16.100 | UDP | iDracs | | 2049 |
| omvcenter | 172.31.16.100 | UDP | iDracs | | 4001-4004 |
| ESXi hosts | | UDP | omvcenter | 172.31.16.100 | 162 |
| ESXi hosts | | UDP | omvcenter | 172.31.16.100 | 11620 |
| ESXi hosts | | TCP | omvcenter | 172.31.16.100 | 443 |
| iDracs | | TCP | omvcenter | 172.31.16.100 | 4433 |
| iDracs | | UDP | omvcenter | 172.31.16.100 | 2049 |
| iDracs | | UDP | omvcenter | 172.31.16.100 | 4001-4004 |

July 7th, 2014 14:00

I realize you are asking Z0nker, but here's what I originally requested:

| Source Host Name (If Applicable) | Source IP address or subnet | TCP or UDP? | Destination Host Name (If Applicable) | Destination Host IP Address or subnet | Destination Port |
|---|---|---|---|---|---|
| omvcenter | 172.31.16.100 | UDP | See list of ESXi hosts | | 162 |
| omvcenter | 172.31.16.100 | UDP | See list of ESXi hosts | | 11620 |
| omvcenter | 172.31.16.100 | TCP | See list of ESXi hosts | | 443 |
| omvcenter | 172.31.16.100 | TCP | See list of iDracs | | 443 |
| omvcenter | 172.31.16.100 | TCP | See list of iDracs | | 4433 |
| omvcenter | 172.31.16.100 | UDP | See list of iDracs | | 2049 |
| omvcenter | 172.31.16.100 | UDP | See list of iDracs | | 4001-4004 |
| See list of ESXi hosts | | UDP | omvcenter | 172.31.16.100 | 162 |
| See list of ESXi hosts | | UDP | omvcenter | 172.31.16.100 | 11620 |
| See list of ESXi hosts | | TCP | omvcenter | 172.31.16.100 | 443 |
| See list of iDracs | | TCP | omvcenter | 172.31.16.100 | 4433 |
| See list of iDracs | | UDP | omvcenter | 172.31.16.100 | 2049 |
| See list of iDracs | | UDP | omvcenter | 172.31.16.100 | 4001-4004 |

Everything seemed to work except mounting of the NFS shares. I now have another request in to security to get port 111 opened up.

| Source Host Name (If Applicable) | Source IP address or subnet | TCP or UDP? | Destination Host Name (If Applicable) | Destination Host IP Address or subnet | Destination Port |
|---|---|---|---|---|---|
| See list of iDracs | | UDP/TCP | omvcenter | 172.31.16.100 | 111 |

Hopefully it will work fine after that.

July 8th, 2014 08:00

Sorry...was away on vacation.

Just to clarify, we had to open communication from the oivv appliance to the iDRAC interfaces.

July 8th, 2014 12:00

I'm still waiting on the firewall team to open the ports. Does oiw work in your environment?

This is the message I get when it breaks:

[Firmware Update] File: R810_BIOS_F6M82_WN32_2.9.0.EXE - Status: Failed - Message: iDRAC - The remote share location that has the ISO/DUP image did not mount correctly.

July 14th, 2014 07:00

Still no luck. Working with Dell to resolve this issue. I'll let you know how it turns out.

July 14th, 2014 15:00

It works!


I asked the firewall team to allow me read-only access to the firewall logs and I noticed that ports TCP 111 and TCP 635 were being blocked on one of the two firewalls between the iDRAC and the virtual appliance. They just pushed the new rule set and bingo, it works now.

Thanks everyone for your help and input! Much appreciated.


Greevous

July 15th, 2014 12:00

Also, what Gen servers are you talking to?  We are mostly M915's (Gen 11 / iDrac 6).

Just wondering if it is different with Gen12 / iDrac 7?

July 15th, 2014 12:00

Congrats.  Does it seem to work as advertised?

I'm still having issues.  I got 111 opened up last week.  It still fails trying to mount the NFS share.  I'm guessing I should have had 635 opened also.  I'm waiting on my firewall guys to get back with me.

This is very frustrating.

RED016: Mount of remote share failed.
  2014-07-15T08:21:09-0500
Log Sequence Number: 746
Detailed Description:
The remote share location that has the ISO image did not mount correctly.
Recommended Action:
1. Verify that the path to the share is correct and that the parameters to the call are correct. 2. Verify that there are no network connectivity issues. 3. Verify that the mount point exists.
 
RED006: Dell Update Package download failed.
  2014-07-15T08:19:09-0500
Log Sequence Number: 742
Detailed Description:
Dell Update Package download failed.
Recommended Action:
Check the network connection and access to the update package from the system

September 15th, 2014 16:00

Sorry for the long delay in response. To sum it up, here is what I have:

| From | To | Port Type | Port Number | Protocols |
|---|---|---|---|---|
| ESXi IP | OMI App IP | UDP | 162 | SNMP Agent |
| ESXi IP | OMI App IP | UDP | 11620 | SNMP Agent |
| DRAC IP | OMI App IP | UDP | 69 | tftp |
| DRAC IP | OMI App IP | TCP | 443 | WSMAN |
| DRAC IP | OMI App IP | TCP | 4433 | HTTPS |
| DRAC IP | OMI App IP | UDP | 2049 | NFS |
| DRAC IP | OMI App IP | TCP | 4001-4004 | NFS |
| DRAC IP | OMI App IP | TCP | 111 | NFS |
| DRAC IP | OMI App IP | TCP | 635 | NFS |
| OMI App IP | Internet | TCP | 21 | FTP |
| OMI App IP | DNS Server | TCP | 53 | DNS |
| OMI App IP | Internet | TCP | 80 | HTTP |
| OMI App IP | DRAC IP | TCP | 443 | WSMAN |
| OMI App IP | DRAC IP | UDP | 2049 | NFS |
| OMI App IP | DRAC IP | UDP | 4001-4004 | NFS |
| OMI App IP | DRAC IP | TCP | 5869 | OMCC |
| OMI App IP | ESXi IP | TCP | 443 | |
| Admin IP | OMI App IP | TCP | 80 | HTTP |
| Admin IP | OMI App IP | TCP | 443 | HTTPS |
 Green = Saw traffic on firewall.
 Yellow = Saw no traffic on firewall, but port is on the OMI documentation.

The Admin IP is any host you want to use to manage the OMI Appliance from.

It gets you to the OMI's web interface.

It is a little clunky, but it does work as advertised.

Greevous
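
The check described in the "It works!" post (reading the firewall's deny log for flows the appliance needs), as an added example that is not part of the original thread. The log layout and the 192.0.2.0/24 iDRAC subnet are assumptions; 172.31.16.100 is the appliance address used earlier in the thread, and the port list is the iDRAC-to-appliance part of the summary table above.

```python
import ipaddress
import re
from collections import Counter

# iDRAC -> appliance flows from the summary table in the last post:
# (protocol, first port, last port, label)
DRAC_TO_APPLIANCE = [
    ("udp", 69, 69, "tftp"), ("tcp", 443, 443, "WSMAN"), ("tcp", 4433, 4433, "HTTPS"),
    ("udp", 2049, 2049, "NFS"), ("tcp", 4001, 4004, "NFS"),
    ("tcp", 111, 111, "NFS"), ("tcp", 635, 635, "NFS"),
]

APPLIANCE = ipaddress.ip_address("172.31.16.100")  # address used in the thread
IDRAC_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed iDRAC subnet

# Assumed log layout; adjust the pattern to the firewall's real export format.
DENY = re.compile(r"\bDENY\b.*?proto=(\w+) src=(\S+) dst=(\S+) dport=(\d+)")

def blocked_required_flows(lines):
    """Count denied packets that match a flow the appliance needs."""
    hits = Counter()
    for line in lines:
        m = DENY.search(line)
        if not m:
            continue  # not a deny record
        proto, port = m.group(1).lower(), int(m.group(4))
        src, dst = ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3))
        if src not in IDRAC_NET or dst != APPLIANCE:
            continue  # some other flow, not iDRAC -> appliance
        for rproto, lo, hi, label in DRAC_TO_APPLIANCE:
            if proto == rproto and lo <= port <= hi:
                hits[(proto, port, label)] += 1
    return hits

# Constructed sample log lines (not taken from the thread).
SAMPLE = [
    "2014-07-14T09:01:02 fw2 DENY proto=tcp src=192.0.2.21 dst=172.31.16.100 dport=111",
    "2014-07-14T09:01:03 fw2 DENY proto=tcp src=192.0.2.21 dst=172.31.16.100 dport=635",
    "2014-07-14T09:01:03 fw2 DENY proto=tcp src=192.0.2.21 dst=172.31.16.100 dport=111",
    "2014-07-14T09:01:04 fw1 ALLOW proto=udp src=192.0.2.21 dst=172.31.16.100 dport=2049",
    "2014-07-14T09:01:05 fw2 DENY proto=tcp src=198.51.100.7 dst=172.31.16.100 dport=111",
    "2014-07-14T09:01:06 fw2 DENY proto=udp src=192.0.2.21 dst=172.31.16.100 dport=111",
]

if __name__ == "__main__":
    for (proto, port, label), n in sorted(blocked_required_flows(SAMPLE).items()):
        print(f"blocked {proto}/{port} ({label}): {n} denied packets")
```

The protocol is matched as well as the port, so the denied udp/111 record is not reported against the table's TCP 111 entry.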
