Dell PowerStore Planning Guide

PDF

Appliance network ports

The following table outlines the collection of network ports and the corresponding services that may be found on the appliance.

Table 1. Appliance network portsThe table lists the port number, type of service, protocol used, the direction of access, and a brief description for each appliance network port.
Port	Service	Protocol	Access Direction	Description
22	SSH client	TCP	Inbound	Used for SSH access (if enabled). If closed, management connections using SSH is not available.
25 or 587	SMTP	TCP	Outbound	Used by the appliance to send email. If closed, email notifications cannot be sent.
26	SSH client	TCP	Bi-directional	SSH access to port 22 is redirected to this port. If closed, management connections using SSH are not available.
53	DNS	TCP or UDP	Outbound	Used to transmit DNS queries to the DNS server. If closed, DNS name resolution does not work.
80, 8080, 3128	Support Connectivity	TCP	Outbound	Used for Support Connectivity Proxy connection.
111	PortMapper	TCP or UDP	Bi-directional	Used to assign a random port for the mountd service that is used by DD Boost and NFS.
123	NTP	TCP or UDP	Outbound	NTP time synchronization. If closed, time is not synchronized among appliances.
162 or between 1024–49151	SNMP	UDP	Outbound	SNMP communications. If closed, storage system alert mechanisms which rely on SNMP are not sent. The default port set for SNMP is 162.
443	HTTPS, block replication, remote backup	TCP	Bi-directional	Secure HTTP traffic to PowerStore Manager. Also used for block replication management communication between clusters and remote backup management communication between PowerStore and PowerProtect Data Domain. If closed, communication with the appliance is not available.
500	IPsec (IKEv2)	UDP	Bi-directional	To make IPSec work through your firewalls, open UDP port 500 and permit IP protocol numbers 50 and 51 on both inbound and outbound firewall filters. UDP Port 500 should be opened to allow Internet Security Association and Key Management Protocol (ISAKMP) traffic to be forwarded through your firewalls. IP protocol ID 50 should be set to allow IPSec Encapsulating Security Protocol (ESP) traffic to be forwarded. IP protocol ID 51 should be set to allow Authentication Header (AH) traffic to be forwarded. If closed, IPsec connection between PowerStore appliances is not available.
514	Remote Logging	UDP	Outbound	Used by the appliance to send log messages to remote syslog servers. If closed, log messages cannot be sent to remote syslog servers.
1468	Remote Logging	TCP	Outbound	Used by the appliance to send log messages to remote syslog servers. If closed, log messages cannot be sent to remote syslog servers.
2049	DDBoost/NFS	TCP	Bi-directional	Main port used by NFS.
2051	DDBoost	TCP	Bi-directional	Used only if replication is configured.
2052	DDBoost/NFS	TCP	Bi-directional	Used by the DDboost protocol.
3033	Import	TCP or UDP	Outbound	Required for storage import from legacy EqualLogic Peer Storage and Dell Compellent Storage Center systems.
3260	iSCSI	TCP	Inbound for Host and ESXi host access Bi-directional for replication Outbound storage for import	Required to provide the following access to iSCSI services: External host iSCSI access External or PowerStore embedded ESXi host iSCSI access Inter-cluster access for replication Storage import access from legacy EqualLogic Peer Storage, Dell Compellent Storage Center, Unity, and VNX2 systems If closed, iSCSI services are not available. Used by Data mobility to support reasonable replication performance on low-latency connection.
3261	Data mobility	TCP	Bi-directional	Used by Data mobility to support reasonable replication performance on high latency connection.
4420	I/O Controller	TCP	Inbound for Host and ESXi host access Bi-directional for replication Outbound for storage import	Required to provide the following access to NVMe/TCP I/O Controller services: External host NVMe/TCP access External or PowerStore embedded ESXi host NVMe/TCP access Inter-cluster access for replication Storage import access from legacy EqualLogic Peer Storage, Dell Compellent Storage Center, Unity, and VNX2 systems If closed, NVMe TCP I/O I/O Controller services are not available.
5353	Multicast DNS (mDNS)	UDP	Bi-directional	Multicast DNS query. If closed, mDNS name resolution does not work.
5555	RSA SecurID Authentication	TCP	Outbound	Used to communicate with an RSA Authentication server when the RSA SecurID Authentication feature is enabled. If closed, authentication using the RSA SecurID Authentication server does not function. The default port set for RSA SecurID Authentication is 5555.
8009	Discovery Controller	TCP	Bi-directional	Used by Data mobility to support reasonable replication performance on high latency connection. If closed, NVMe TCP Discovery services are unavailable.
8443	VASA Support Connectivity	TCP	Inbound for VASA Outbound for Support Connectivity	Required for the VASA Vendor Provider for VASA 3.0. Required for the related Support Connectivity Connect Home functions.
8443, 50443, 55443, or 60443	Windows import host agent, Linux import host agent, or VMware import host agent	TCP	Outbound	One of these ports must be open when importing data storage from legacy storage systems.
9443	Support Connectivity	TCP	Outbound	Required for Support Connectivity REST API related to Connect Home.
13333	Data mobility	TCP	Bi-directional	Used by iBasic replication data traffic on block replication network interfaces for latency setting: Low
13334	Data mobility	TCP	Bi-directional	Used by iBasic replication data traffic on block replication network interfaces for latency setting: Low_Medium
13335	Data mobility	TCP	Bi-directional	Used by iBasic replication data traffic on block replication network interfaces for latency setting: Medium
13336	Data mobility	TCP	Bi-directional	Used by iBasic replication data traffic on block replication network interfaces for latency setting: Medium_High
13337	Data mobility	TCP	Bi-directional	Used by iBasic replication data traffic on block replication network interfaces for latency setting: High