| 20 | FTP | TCP | Outbound | Port used for FTP data transfers. This port can be opened by enabling FTP. Authentication is performed on port 21 and defined by the FTP protocol. |
| 21 | FTP | TCP | Inbound | Port 21 is the control port on which the FTP service listens for incoming FTP requests. |
| 22 | SFTP | TCP | Inbound | Allows alert notifications through SFTP (FTP over SSH). SFTP is a client/server protocol. Users can use SFTP to perform file transfers on an appliance on the local subnet. Also, it provides an outgoing FTP control connection. If closed, FTP is not available. |
| 53 | DNS | TCP or UDP | Outbound | Used to transmit DNS queries to the DNS server. If closed, DNS name resolution does not work. Required for SMB v1. |
| 88 | Kerberos | TCP or UDP | Outbound | Required for Kerberos authentication services. |
| 111 | RPC bind (for file services namespaces; otherwise, host service) | TCP or UDP | Bi-directional | Opened by the standard portmapper or rpcbind service and is an ancillary appliance network service. It cannot be stopped. By definition, if a client system has network connectivity to the port, it can query it. No authentication is performed. |
| 123 | NTP | UDP | Outbound | NTP time synchronization. If closed, time is not synchronized among appliances. |
| 135 | Microsoft RPC | TCP | Inbound | Multiple purposes for Microsoft Client. |
| 137 | Microsoft Netbios WINS | UDP; TCP or UDP | Inbound; Outbound | The NetBIOS Name Service is associated with the appliance SMB file sharing services and is a core component of that feature (Wins). If disabled, this port disables all SMB-related services. |
| 138 | Microsoft Netbios BROWSE | UDP | Outbound | The NetBIOS Datagram Service is associated with the appliance SMB file sharing services and is a core component of that feature. Only the Browse service is used. If disabled, this port disables Browsing capability. |
| 139 | Microsoft SMB | TCP | Bi-directional | The NetBIOS Session Service is associated with appliance SMB file sharing services and is a core component of that functionality. If SMB services are enabled, this port is open. It is required for SMB v1. |
| 162 or between 1024-49151 | SNMP | UDP | Outbound | SNMP communications. If closed, storage system alert mechanisms which rely on SNMP are not sent. The default port set for SNMP is 162. |
| 389 | LDAP | TCP or UDP | Outbound | Unsecure LDAP queries. If closed, Unsecure LDAP authentication queries are not available. Secure LDAP is configurable as an alternative. |
| 445 | Microsoft SMB | TCP | Inbound | SMB (on domain controller) and SMB connectivity port for Windows 2000 and later clients. Clients with legitimate access to the appliance SMB services must have network connectivity to the port for continued operation. Disabling this port disables all SMB-related services. If port 139 is also disabled, SMB file sharing is disabled. |
| 464 | Kerberos | TCP or UDP | Outbound | Required for Kerberos authentication services and SMB. |
| 500 | IPsec (IKEv2) | UDP | Bi-directional | To make IPSec work through your firewalls, open UDP port 500 and permit IP protocol numbers 50 and 51 on both inbound and outbound firewall filters. UDP Port 500 should be opened to allow Internet Security Association and Key Management Protocol (ISAKMP) traffic to be forwarded through your firewalls. IP protocol ID 50 should be set to allow IPSec Encapsulating Security Protocol (ESP) traffic to be forwarded. IP protocol ID 51 should be set to allow Authentication Header (AH) traffic to be forwarded. If closed, IPsec connection between PowerStore appliances is not available. |
| 514 | Remote Logging | UDP | Outbound | Allows the appliance to send log messages to remote syslog servers. If closed, log messages cannot be sent to remote syslog servers. |
| 636 | LDAPS | TCP or UDP | Outbound | Secure LDAP queries. If closed, secure LDAP authentication is not available. |
| 1234 | NFS mountd | TCP or UDP | Bi-directional | Used for the mount service, which is a core component of the NFS service (versions 2, 3, and 4). |
| 1468 | Remote Logging | TCP | Outbound | Allows the appliance to send log messages to remote syslog servers. If closed, log messages cannot be sent to remote syslog servers. |
| 2000 | SSHD | TCP | Inbound | SSHD for serviceability (optional) |
| 2049 | NFS I/O | TCP or UDP | Bi-directional | Used to provide NFS services. |
| 3268 | LDAP | UDP | Outbound | Unsecure LDAP queries. If closed, Unsecure LDAP authentication queries are not available. |
| 3269 | LDAPS | UDP | Outbound | Secure LDAP queries. If closed, Secure LDAP authentication queries are not available. |
| 4000 | STATD for NFSv3 | TCP or UDP | Bi-directional | Used to provide NFS statd services. statd is the NFS file-locking status monitor and works with lockd to provide crash and recovery functions for NFS. If closed, NAS statd services are not available. |
| 4001 | NLMD for NFSv3 | TCP or UDP | Bi-directional | Used to provide NFS lockd services. lockd is the NFS file-locking daemon. It processes lock requests from NFS clients and works with the statd daemon. If closed, NAS lockd services are not available. |
| 4002 | RQUOTAD for NFSv3 | TCP or UDP; UDP | Inbound; Outbound | Used to provide NFS rquotad services. The rquotad daemon provides quota information to NFS clients that have mounted a file system. If closed, NAS rquotad services are not available. |
| 4003 | XATTRPD (extended file attribute) | TCP or UDP | Inbound | Required for managing file attributes in a multi-protocol environment. |
| 4658 | PAX (NAS server archive) | TCP | Inbound | PAX is an appliance archive protocol that works with standard UNIX tape formats. |
| 5085, 5086 | File replication (replication management traffic) | TCP | Bi-directional | Used by management communication for file services file replication between clusters. |
| 8888 | File replication (replication data traffic) | TCP | Bi-directional | Used between replication network IP addresses on the file services file replication network interfaces. |
| 10000 | NDMP | TCP | Inbound | Enables you to control the backup and recovery of a Network Data Management Protocol (NDMP) server through a network backup application, without installing third party software on the server. In an appliance, the NAS Server functions as the NDMP server. If NDMP tape backup is not used, the NDMP service can be disabled. The NDMP service is authenticated with a username and password pair. The username is configurable. The NDMP documentation describes how to configure the password for various environments. |
| [10500,10531] | NDMP reserved range for NDMP dynamic ports | TCP | Inbound | For three-way backup/restore sessions, NAS Servers use ports 10500–10531. |
| 12228 | Antivirus checker service | TCP | Outbound | Required for the Antivirus checker service. |
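
Turning the port, protocol and direction cells of the table above into explicit firewall allowlist entries, as an added example that is not part of the original guide. It assumes that semicolon-separated protocol and direction values pair up positionally and that a bracketed pair is an inclusive range; the function names and the `configured` parameter are hypothetical.

```python
import re

# Constructed sample: (port, protocol, direction) cells copied from rows of the table.
ROWS = [
    ("137", "UDP; TCP or UDP", "Inbound; Outbound"),
    ("162 or between 1024-49151", "UDP", "Outbound"),
    ("5085, 5086", "TCP", "Bi-directional"),
    ("[10500,10531]", "TCP", "Inbound"),
]

def port_ranges(cell, configured=None):
    """Return inclusive (low, high) port tuples for one Port cell."""
    cell = cell.strip()
    m = re.fullmatch(r"(\d+) or between (\d+)-(\d+)", cell)
    if m:  # a default port, or one operator-chosen port inside the stated range
        default, lo, hi = map(int, m.groups())
        port = default if configured is None else configured
        if port != default and not lo <= port <= hi:
            raise ValueError(f"port {port} is outside {lo}-{hi}")
        return [(port, port)]  # open only the port in use, never the whole range
    m = re.fullmatch(r"\[(\d+),\s*(\d+)\]", cell)
    if m:  # bracketed pair read as an inclusive range (assumption)
        return [(int(m.group(1)), int(m.group(2)))]
    return [(int(p), int(p)) for p in re.split(r"\s*,\s*", cell)]

def expand(port, proto, direction, configured=None):
    """Return sorted (flow, l4_protocol, low, high) allowlist entries for one row."""
    protos = [p.strip() for p in proto.split(";")]
    dirs = [d.strip() for d in direction.split(";")]
    if len(protos) == 1:
        protos *= len(dirs)
    if len(dirs) == 1:
        dirs *= len(protos)
    if len(protos) != len(dirs):
        raise ValueError("protocol and direction cells do not pair up")
    rules = set()
    for p, d in zip(protos, dirs):  # positional pairing (assumption)
        flows = ["in", "out"] if d == "Bi-directional" else [
            {"Inbound": "in", "Outbound": "out"}[d]]
        for l4 in p.lower().split(" or "):
            for flow in flows:
                for lo, hi in port_ranges(port, configured):
                    rules.add((flow, l4, lo, hi))
    return sorted(rules)

if __name__ == "__main__":
    for row in ROWS:
        print(row[0], "->", expand(*row))
```

The port 500 row also needs IP protocols 50 and 51 permitted, which are not port-based and need separate firewall entries.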