- Notes, cautions, and warnings
- Overview
- Built in iDRAC and PowerEdge Security
- Securely Configuring iDRAC Web Server
- Securely Using TLS/SSL Certificate
- Federal Information Processing Standards (FIPS)
- Secure Shell (SSH)
- Network Security Configuration
- Interfaces and Protocols to Access iDRAC
- iDRAC Port Configuration
- IPMI and SNMP Security Best Practices
- Secure Enterprise Key Manager (SEKM) Security
- iDRAC9 Group Manager
- Virtual Console and Virtual Media Security
- VNC Security
- User Configuration and Access Control
- Configuring Local Users
- Disabling Access to Modify iDRAC Configuration Settings on Host System
- iDRAC User Roles and Privileges
- Superroot User
- Recommended Characters in Usernames and Passwords
- Password Strength Policy
- Secure Default Password
- Changing the Default Login Password using Web Interface
- Force Change of Password (FCP)
- Simple 2-Factor Authentication (Simple 2FA)
- RSA SecurID Two Factor Authentication (2FA) iDRAC9 Datacenter
- Active Directory
- LDAP
- Customizable Security Banner
- System Lockdown Mode
- Securely Configuring BIOS System Security
- Secure Boot Configuration
- Securely Erasing Data
- LCD Panel
- Server Inventory, Lifecycle Log, Server Profiles, and Licenses Import and Export
- Security Events Lifecycle Log
- Default Configuration Values
- Network Vulnerability Scanning
- Security Licensing
- Field Service Debug (FSD)
- Best Practices
- Appendix - White papers
iDRAC9 Security Configuration Guide
iDRAC Port Configuration
The following table lists the ports that are required to remotely access iDRAC through firewall. These are the default ports iDRAC listens to for connections. Optionally, you can modify most of the ports. To modify ports, see Configuring services on page 93.
| Port number | Type | Function | Configurable Port | Maximum Encryption Level |
|---|---|---|---|---|
|
22 |
TCP |
SSH |
Yes |
256-bit SSL |
|
80 |
TCP |
HTTP |
Yes |
None |
|
161 |
UDP |
SNMP Agent |
Yes |
None |
|
443 |
TCP |
HTTPS |
Yes |
256-bit SSL |
|
623 |
UDP |
RMCP/RMCP+ |
No |
128-bit SSL |
|
5000 |
TCP |
iDRAC to iSM |
No |
256-bit SSL |
|
NOTE:Maximum encryption level is 256-bit SSL if both iSM 3.4 or higher and iDRAC firmware 3.30.30.30 or higher are installed.
|
||||
|
5900 |
TCP |
Virtual console keyboard and mouse redirection, Virtual Media, Virtual folders, and Remote File Share |
Yes |
128-bit SSL |
|
5901 |
TCP |
VNC |
Yes |
128-bit SSL |
|
NOTE:Port 5901 opens when VNC feature is enabled.
|
||||
The following table lists the ports that iDRAC uses as a client:
| Port Number | Type | Function | Configurable Port | Maximum Encryption Level |
|---|---|---|---|---|
|
25 |
TCP |
SMTP |
Yes |
None |
|
53 |
UDP |
DNS |
No |
None |
|
68 |
UDP |
DHCP-assigned IP address |
No |
None |
|
69 |
TFTP |
TFTP |
No |
None |
|
123 |
UDP |
Network Time Protocol (NTP) |
No |
None |
|
162 |
UDP |
SNMP trap |
Yes |
None |
|
445 |
TCP |
Common Internet File System (CIFS) |
No |
None |
|
636 |
TCP |
LDAP Over SSL (LDAPS) |
No |
256-bit SSL |
|
2049 |
TCP |
Network File System (NFS) |
No |
None |
|
3269 |
TCP |
LDAPS for global catalog (GC) |
No |
256-bit SSL |
|
5353 |
UDP |
mDNS |
No |
None |
|
5696 |
TCP |
Key Management Server (SEKM) |
Yes |
256-bit SSL |
|
NOTE:When node-initiated discovery or Group Manager is enabled, iDRAC uses mDNS to communicate through port 5353. However, when both are disabled, port 5353 is blocked by iDRAC's internal firewall and appears as open|filtered port in the port scans.
|
||||
|
514 |
UDP |
Remote syslog |
Yes |
None |
|
6514 |
TCP |
Remote syslog |
Yes |
256-bit SSL |
|
Ports Internally used by iDRAC (These cannot be changed by the end user and cannot be used for other purposes). |
||||
|
4200 4201 4202 4203 4204 4205 |
TCP |
Redfish Internal Ports |
No |
None |
|
4300 4301 4400 |
TCP |
Authorizer Internal Ports |
No |
None |
|
5200 5201 |
TCP |
GUI and RACADM Internal Ports |
No |
None |
|
5555 5556 |
TCP |
Internal Ports for IPC |
No |
None |
|
199 |
UDP |
SNMP daemon |
No |
None |
|
5905 5951 |
TCP |
VNC Vmedia/Vconsole |
No |
None |
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\