| 20 | FTP | TCP | Outbound | Port used for FTP data transfers. This port can be opened by enabling FTP. Authentication is performed on port 21 and defined by the FTP protocol. |
| 21 | FTP | TCP | Inbound | Port 21 is the control port on which the FTP service listens for incoming FTP requests. |
| 22 | SFTP | TCP | Inbound | Allows alert notifications through SFTP (FTP over SSH). SFTP is a client/server protocol. Users can use SFTP to perform file transfers on an appliance on the local subnet. Also provides outgoing FTP control connection. If closed, FTP will not be available. |
| 53 | DNS | TCP/UDP | Outbound | Used to transmit DNS queries to the DNS server. If closed, DNS name resolution will not work. Required for SMB v1. |
| 88 | Kerberos | TCP/UDP | Outbound | Required for Kerberos authentication services. |
| 111 | RPC bind (for SDNAS namespaces; otherwise, host service) | TCP/UDP | Bi-directional | Opened by the standard portmapper or rpcbind service and is an ancillary appliance network service. It cannot be stopped. By definition, if a client system has network connectivity to the port, it can query it. No authentication is performed. |
| 123 | NTP | UDP | Outbound | NTP time synchronization. If closed, time will not be synchronized among appliances. |
| 135 | Microsoft RPC | TCP | Inbound | Multiple purposes for Microsoft Client. |
| 137 | Microsoft Netbios WINS | UDP; TCP/UDP | Inbound; Outbound | The NETBIOS Name Service is associated with the appliance SMB file sharing services and is a core component of that feature (WINS). If disabled, this port disables all SMB related services. |
| 138 | Microsoft Netbios BROWSE | UDP | Outbound | The NETBIOS Datagram Service is associated with the appliance SMB file sharing services and is a core component of that feature. Only Browse service is used. If disabled, this port disables Browsing capability. |
| 139 | Microsoft SMB | TCP | Bi-directional | The NETBIOS Session Service is associated with appliance SMB file sharing services and is a core component of that functionality. If SMB services are enabled, this port is open. It is specifically required for SMB v1. |
| 162 or between 1024 - 49151 | SNMP | UDP | Outbound | SNMP communications. If closed, storage system alert mechanisms which rely on SNMP will not be sent. The default port set for SNMP is 162. |
| 389 | LDAP | TCP/UDP | Outbound | Unsecure LDAP queries. If closed, Unsecure LDAP authentication queries will be unavailable. Secure LDAP is configurable as an alternative. |
| 445 | Microsoft SMB | TCP | Inbound | SMB (on domain controller) and SMB connectivity port for Windows 2000 and later clients. Clients with legitimate access to the appliance SMB services must have network connectivity to the port for continued operation. Disabling this port disables all SMB related services. If port 139 is also disabled, SMB file sharing is disabled. |
| 464 | Kerberos | TCP/UDP | Outbound | Required for Kerberos authentication services and SMB. |
| 500 | IPsec (IKEv2) | UDP | Bi-directional | To make IPSec work through your firewalls, open UDP port 500 and permit IP protocol numbers 50 and 51 on both inbound and outbound firewall filters. UDP Port 500 should be opened to allow Internet Security Association and Key Management Protocol (ISAKMP) traffic to be forwarded through your firewalls. IP protocol ID 50 should be set to allow IPSec Encapsulating Security Protocol (ESP) traffic to be forwarded. IP protocol ID 51 should be set to allow Authentication Header (AH) traffic to be forwarded. If closed, IPsec connection between PowerStore appliances will be unavailable. |
| 514 | Remote Logging | UDP | Outbound | Allows the appliance to send log messages to remote syslog servers. If closed, log messages cannot be sent to remote syslog servers. |
| 636 | LDAPS | TCP/UDP | Outbound | Secure LDAP queries. If closed, secure LDAP authentication will be unavailable. |
| 1234 | NFS mountd | TCP/UDP | Bi-directional | Used for the mount service, which is a core component of the NFS service (versions 2, 3, and 4). |
| 1468 | Remote Logging | TCP | Outbound | Allows the appliance to send log messages to remote syslog servers. If closed, log messages cannot be sent to remote syslog servers. |
| 2000 | SSHD | TCP | Inbound | SSHD for serviceability (optional) |
| 2049 | NFS I/O | TCP/UDP | Bi-directional | Used to provide NFS services. |
| 3268 | LDAP | UDP | Outbound | Unsecure LDAP queries. If closed, Unsecure LDAP authentication queries will be unavailable. |
| 3269 | LDAPS | UDP | Outbound | Secure LDAP queries. If closed, Secure LDAP authentication queries will be unavailable. |
| 4000 | STATD for NFSv3 | TCP/UDP | Bi-directional | Used to provide NFS statd services. statd is the NFS file-locking status monitor and works in conjunction with lockd to provide crash and recovery functions for NFS. If closed, NAS statd services will be unavailable. |
| 4001 | NLMD for NFSv3 | TCP/UDP | Bi-directional | Used to provide NFS lockd services. lockd is the NFS file-locking daemon. It processes lock requests from NFS clients and works in conjunction with the statd daemon. If closed, NAS lockd services will be unavailable. |
| 4002 | RQUOTAD for NFSv3 | TCP/UDP; UDP | Inbound; Outbound | Used to provide NFS rquotad services. The rquotad daemon provides quota information to NFS clients that have mounted a file system. If closed, NAS rquotad services will be unavailable. |
| 4003 | XATTRPD (extended file attribute) | TCP/UDP | Inbound | Required for managing file attributes in a multi-protocol environment. |
| 4658 | PAX (NAS server archive) | TCP | Inbound | PAX is an appliance archive protocol that works with standard UNIX tape formats. |
| 5085, 5086 | File replication (replication management traffic) | TCP | Bi-directional | Used by management communication for SDNAS/File replication between clusters. |
| 8888 | File replication (replication data traffic) | TCP | Bi-directional | Used between replication network IP addresses on the SDNAS/File replication network interfaces. |
| 10000 | NDMP | TCP | Inbound | Enables you to control the backup and recovery of a Network Data Management Protocol (NDMP) server through a network backup application, without installing third party software on the server. In an appliance, the NAS Server functions as the NDMP server. The NDMP service can be disabled if NDMP tape backup is not used. The NDMP service is authenticated with a username/password pair. The username is configurable. The NDMP documentation describes how to configure the password for a variety of environments. |
| [10500,10531] | NDMP reserved range for NDMP dynamic ports | TCP | Inbound | For three-way backup/restore sessions, NAS Servers use ports 10500 to 10531. |
| 12228 | Antivirus checker service | TCP | Outbound | Required for the Antivirus checker service. |