- Notes, cautions, and warnings
- Disclaimer
- Preface
- Introduction
- Authentication
- Component access control
- Login security settings
- Log in to the PowerProtect Data Manager Appliance REST API
- User and credential management
- Authentication types and setup
- Multi-factor authentication
- iDRAC
- Identity providers
- Authentication to external systems
- Authorization
- Log Settings
- Network and Communication Security Settings
- Data Security Settings
- Cryptography
- Security certificates
- External component certificate management
- Security Updates and Patching
- Authenticity and Integrity
- About product authenticity and integrity
- Verification
- Verify the signer or signers for Windows binaries
- Verify the vendor for Linux (RPM-based) packages
- Verify the vendor for Linux (Debian-based) packages
- Verify GPG signatures for Linux (RPM-based) packages
- Verify the signature for JAR files
- Verify SHA-256 checksums in Windows
- Verify SHA-256 checksums in Linux
- Verify SHA-256 checksums in AIX
- Miscellaneous Configuration and Management Elements
- REST API Procedures
- TLS Cipher Suites
- Glossary
PowerProtect Data Manager Appliance 5.15.0.0 Security Configuration Guide for DM5500
Modify firewall rules
The PowerProtect Data Manager Appliance system configures firewall rules to block inbound and outbound communications on ports that are not required by PowerProtect Data Manager Appliance components for communication.
About this task
There are three ways to modify the firewall rules:
- For permanent changes, you can add entries to the list of custom ports.
- For temporary changes, you can use the iptables command, which is part of the Linux operating system. Users should be familiar with the operation and syntax for iptables, including order of precedence, before using this method. Temporary changes do not persist through firewall restarts.
- You can also use the PowerProtect Data Manager Appliance REST API to open outbound ports. The PowerProtect Data Manager Appliance Public REST API documentation provides instructions for this method.
NOTE:It is recommended that you do not modify existing firewall rules, because modification can impact successful operations.
Steps
- Connect to the PowerProtect Data Manager Appliance console and change to the root user.
For permanent changes:
-
Add port numbers on separate lines to
/etc/sysconfig/scripts/custom-ports.
For example:
139 445 6443 8080
Save and close the file.
-
Stop the firewall service:
service firewalld stop
-
Start the firewall service:
service firewalld start
For temporary changes:
-
Open an outbound port:
/usr/sbin/iptables -I OUTPUT -p tcp --dport <num> -j ACCEPT
where <num> is the new outbound port.
This example inserts the new rule at the head of the rule chain and opens the specified TCP port from PowerProtect Data Manager Appliance to any destination. -
Open an inbound port:
/usr/sbin/iptables -I INPUT -p tcp --dport <num> -j ACCEPT
where <num> is the new outbound port.
This example inserts the new rule at the head of the rule chain and opens the specified TCP port to PowerProtect Data Manager Appliance from any destination.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\