22
|
SSH client
|
TCP
|
Inbound
|
Used for SSH access (if enabled). If closed, management connections using SSH is not available.
|
25 or 587
|
SMTP
|
TCP
|
Outbound
|
Used by the appliance to send email. If closed, email notifications cannot be sent.
|
26
|
SSH client
|
TCP
|
Bi-directional
|
SSH access to port 22 is redirected to this port. If closed, management connections using SSH are not available.
|
53
|
DNS
|
TCP or UDP
|
Outbound
|
Used to transmit DNS queries to the DNS server. If closed, DNS name resolution does not work.
|
80, 8080, 3128
|
Support Connectivity
|
TCP
|
Outbound
|
Used for
Support Connectivity Proxy connection.
|
111
|
PortMapper
|
TCP or UDP
|
Bi-directional
|
Used to assign a random port for the mountd service that is used by DD Boost and NFS.
|
123
|
NTP
|
TCP or UDP
|
Outbound
|
NTP time synchronization. If closed, time is not synchronized among appliances.
|
162 or between 1024–49151
|
SNMP
|
UDP
|
Outbound
|
SNMP communications. If closed, storage system alert mechanisms which rely on SNMP are not sent. The default port set for SNMP is 162.
|
443
|
HTTPS, block replication, remote backup
|
TCP
|
Bi-directional
|
Secure HTTP traffic to
PowerStore Manager. Also used for block replication management communication between clusters and remote backup management communication between PowerStore and PowerProtect Data Domain. If closed, communication with the appliance is not available.
|
500
|
IPsec (IKEv2)
|
UDP
|
Bi-directional
|
To make IPSec work through your firewalls, open UDP port 500 and permit IP protocol numbers 50 and 51 on both inbound and outbound firewall filters. UDP Port 500 should be opened to allow Internet Security Association and Key Management Protocol (ISAKMP) traffic to be forwarded through your firewalls. IP protocol ID 50 should be set to allow IPSec Encapsulating Security Protocol (ESP) traffic to be forwarded. IP protocol ID 51 should be set to allow Authentication Header (AH) traffic to be forwarded. If closed, IPsec connection between
PowerStore appliances is not available.
|
514
|
Remote Logging
|
UDP
|
Outbound
|
Used by the appliance to send log messages to remote syslog servers. If closed, log messages cannot be sent to remote syslog servers.
|
1468
|
Remote Logging
|
TCP
|
Outbound
|
Used by the appliance to send log messages to remote syslog servers. If closed, log messages cannot be sent to remote syslog servers.
|
2049
|
DDBoost/NFS
|
TCP
|
Bi-directional
|
Main port used by NFS.
|
2051
|
DDBoost
|
TCP
|
Bi-directional
|
Used only if replication is configured.
|
2052
|
DDBoost/NFS
|
TCP
|
Bi-directional
|
Used by the DDboost protocol.
|
3033
|
Import
|
TCP or UDP
|
Outbound
|
Required for storage import from legacy EqualLogic Peer Storage and Dell Compellent Storage Center systems.
|
3260
|
iSCSI
|
TCP
|
- Inbound for Host and ESXi host access
- Bi-directional for replication
- Outbound storage for import
|
Required to provide the following access to iSCSI services:
- External host iSCSI access
- External or
PowerStore embedded ESXi host iSCSI access
- Inter-cluster access for replication
- Storage import access from legacy EqualLogic Peer Storage, Dell Compellent Storage Center, Unity, and VNX2 systems
If closed, iSCSI services are not available. Used by Data mobility to support reasonable replication performance on low-latency connection.
|
3261
|
Data mobility
|
TCP
|
Bi-directional
|
Used by Data mobility to support reasonable replication performance on high latency connection.
|
4420
|
I/O Controller
|
TCP
|
- Inbound for Host and ESXi host access
- Bi-directional for replication
- Outbound for storage import
|
Required to provide the following access to NVMe/TCP I/O Controller services:
- External host NVMe/TCP access
- External or
PowerStore embedded ESXi host NVMe/TCP access
- Inter-cluster access for replication
- Storage import access from legacy EqualLogic Peer Storage, Dell Compellent Storage Center, Unity, and VNX2 systems
If closed, NVMe TCP I/O I/O Controller services are not available.
|
5353
|
Multicast DNS (mDNS)
|
UDP
|
Bi-directional
|
Multicast DNS query. If closed, mDNS name resolution does not work.
|
5555
|
RSA SecurID Authentication
|
TCP
|
Outbound
|
Used to communicate with an RSA Authentication server when the RSA SecurID Authentication feature is enabled. If closed, authentication using the RSA SecurID Authentication server does not function. The default port set for RSA SecurID Authentication is 5555.
|
8009
|
Discovery Controller
|
TCP
|
Bi-directional
|
Used by Data mobility to support reasonable replication performance on high latency connection. If closed, NVMe TCP Discovery services are unavailable.
|
8443
|
VASA
Support Connectivity
|
TCP
|
- Inbound for VASA
- Outbound for
Support Connectivity
|
- Required for the VASA Vendor Provider for VASA 3.0.
- Required for the related
Support Connectivity Connect Home functions.
|
8443, 50443, 55443, or 60443
|
Windows import host agent, Linux import host agent, or VMware import host agent
|
TCP
|
Outbound
|
One of these ports must be open when importing data storage from legacy storage systems.
|
9443
|
Support Connectivity
|
TCP
|
Outbound
|
Required for
Support Connectivity REST API related to Connect Home.
|
13333
|
Data mobility
|
TCP
|
Bi-directional
|
Used by iBasic replication data traffic on block replication network interfaces for latency setting: Low
|
13334
|
Data mobility
|
TCP
|
Bi-directional
|
Used by iBasic replication data traffic on block replication network interfaces for latency setting: Low_Medium
|
13335
|
Data mobility
|
TCP
|
Bi-directional
|
Used by iBasic replication data traffic on block replication network interfaces for latency setting: Medium
|
13336
|
Data mobility
|
TCP
|
Bi-directional
|
Used by iBasic replication data traffic on block replication network interfaces for latency setting: Medium_High
|
13337
|
Data mobility
|
TCP
|
Bi-directional
|
Used by iBasic replication data traffic on block replication network interfaces for latency setting: High
|