Port requirements for allowing access to a Data Domain through a Firewall
Summary: Port Requirement: This article lists the TCP and UDP ports used by the Data Domain, for use with configuring a firewall to allow access in and out of the Data Domain.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
This article lists the TCP and UDP ports used by the Data Domain to use with configuring a firewall to allow access in and out of the Data Domain.
The following tables list the ports used by the Data Domain, and which service uses them. Table 1.1 shows ports used by inbound traffic, and table 1.2 shows ports used by outbound traffic.
Table 1.1 Ports Used by Data Domain for Inbound Traffic
| Port | Service | Note |
|---|---|---|
| TCP 21 | FTP | Port is used for control only if FTP is enabled (run "adminaccess show" on the Data Domain to determine if so). |
| TCP 22 | SSH | Port is used only if SSH is enabled (run "adminaccess show" on the Data Domain to determine if so). |
| TCP 23 | Telnet | Port is used only if Telnet is enabled (run "adminaccess show" on the Data Domain to determine if so). |
| TCP 80 | HTTP | Port is used only if HTTP is enabled (run "adminaccess show" on the Data Domain to determine if so). |
| TCP 111 | DDBOOST/ NFS (portmapper) | Used to assign a random port for the mountd service used by NFS and DDBOOST. Mountd service port can be statically assigned. |
| UDP111 | DDBOOST/NFS (Portmapper) | Used to assign a random port for the mountd service used by NFS and DDBOOST. Mountd service port can be statically assigned. |
| UDP 123 | NTP | Port is used only if NTP is enabled on the Data Domain. Run "ntp status" to determine if so. |
| UDP 137 | CIFS (NetBIOS Name Service) | Port used by CIFS for NetBIOS name resolution. |
| UDP 138 | CIFS (NetBIOS Datagram Service) | Port used by CIFS for NetBIOS Datagram Service. |
| TCP 139 | CIFS (NetBIOS Session Service) | Port used by CIFS for session information. |
| UDP 161 | SNMP (Query) | Port is used only if SNMP is enabled. Run "snmp status" to determine if so. |
| TCP 389 | LDAP | LDAP server listens on this port for any LDAP client request. By Default it uses TCP. |
| TCP 443 | HTTPS | Port is used only if HTTPS is enabled (run "adminaccess show" on the Data Domain to determine if so). |
| TCP 445 | CIFS (Microsoft-DS) | The main port used by CIFS for data transfer |
| TCP 464 | Active Directory | "Kerberos change/set password". Required to join an Active Directory Domain. |
| UDP 623 | IPMI | Required to be open on a firewall for IPMI connectivity. |
| TCP 2049 | DDBOOST/NFS | The main port used by NFS. It can be modified using the "NFS set server-port" command. Command requires SE mode. |
| TCP 2051 | Replication/DDBOOST/Optimized Duplication | Port is used only if replication is configured on the Data Domain. Run "replication show config" to determine if so. This port can be modified using the "replication modify" command. |
| TCP 2052 | NFS Mountd/DDBOOST/Optimized Duplication | Main port used by NFS MOUNTD |
| TCP 3008 | RSS | Required for Archiver and GDA (single and dual node) or when Data Domain has an Archive Tier. |
| TCP 3009 | Replication/DDMC | This port must be opened if replication is configured, as this is the port used to get the remote peer CA certificate. It is also used by DDMC for monitoring the DD. |
| TCP 5001 | iPerf | Port is default used by iperf. To change the port, it requires the -p option from "se iperf" or the port option from the "net iperf" command. And the remote side must listen on the new port. |
* NFS (mountd) can be hard coded using command "nfs set mountd-port." Command requires SE mode. Contact Support for assistance.
Table 1.2 Ports Used by Data Domain for Outbound Traffic
| Port | Service | Note |
|---|---|---|
| TCP 20 | FTP | Port is used for data only if FTP is enabled (run "adminaccess show" on the Data Domain to determine if so). |
| TCP 25 | SMTP | Used by the Data Domain to send email autosupports and alerts. |
| UDP/TCP 53 | DNS | The port is used by Data Domain to perform DNS lookups when DNS is configured. Run "net show dns" to review the DNS configuration. |
| TCP 80 | HTTP | Used by Data Domain for uploading log files to Data Domain Support using the "support upload" command. |
| TCP 443 | HTTPS | This Port is used by Data Domain to upload the Support Bundle (SUB) |
| UDP 123 | NTP | Used by the Data Domain to synchronize to a time server. |
| UDP 162 | SNMP (Trap) | Used by the Data Domain to send SNMP traps to the SNMP host. Use "snmp show trap-hosts" to see destination hosts and "snmp status" to display service status. |
| UDP 389 | CLDAP | Used by the Data Domain to send connection less LDAP request to the LDAP server. |
| UDP 514 | Syslog | Used by the Data Domain to send syslog messages, if enabled. Use "log host show" to display destination hosts and service status. |
| UDP 623 | IPMI | Required to be open on a firewall for IPMI connectivity. |
| TCP 2051 | Replication/DDBOOST/Optimized Duplication | Used by Data Domain only if replication is configured. Use "replication show config" to determine if so. |
| TCP 3009 | Replication/DDMC | This port must be opened if replication is configured as this is the port used to get the remote peer CA certificate. It is also used by DDMC for monitoring the DD. |
| TCP 3268 | Global catalog | From the Data Domain to the Global Catalog on the Domain Controller for Active Directory authentication (From DDOS 5.7 and 6.x) |
| TCP 5001 | iPerf | Port is default used by iperf. To change the port, it requires the -p option from "se iperf" or the port option from the net iperf command. And the remote side must listen on the new port. |
| TCP 27000 | Avamar client communications with Avamar server | Avamar client network hosts |
| TCP 27000 | Avamar server communications with Replicator target Server (Avamar proprietary communication) | Required if the server is used as Replicator source. |
| TCP 28001 | Avamar client communications with administrator server | Avamar clients required |
| TCP 28002 | Administrator server communications with Avamar client | Optional for browsing clients and canceling backups from the Avamar Administrator management console |
| TCP 29000 | Avamar client Secure Sockets Layer (SSL) communications with Avamar server | Avamar clients required |
| Avamar server SSL communications with Replicator target server | Required if the server is Replicator source. |
Additional Information
Related articles:
(Log in as a registered Dell Support user may be required to view these articles.)
(Log in as a registered Dell Support user may be required to view these articles.)
- Data Domain - Analyzing Slow Replication Issues
- Data Domain - Troubleshooting Client Connectivity to DDR
- Data Domain - Troubleshooting NFS Client Mount Issues
- Troubleshooting NFS Connection Problems
- Data Domain: Active Directory authentication stops working when upgrading to DDOS 5.7 or higher if the Global Catalog is unreachable
Affected Products
Data DomainProducts
Data DomainArticle Properties
Article Number: 000004184
Article Type: How To
Last Modified: 18 Sept 2025
Version: 10
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.