Firewall ports
From COMCERT Wiki
Contents
Introduction
Please remember that Pulse, Software nPoint and Hardware nPoint are communication the same way.
In general, nPoint is contacting the nGeniusPULSE Server, not the other way around.
Service Test are executed by the nPoint. Device monitoring is done by nGeniusPULSE server or a Collector.
Even when there's no Service Test running on the nPoint, the nPoint will contact nGeniusPULSE Server every minute to update its configuration.
Solution
Inbound nGeniusPULSE Server/Collector
| destination | service | role |
|---|---|---|
| tcp/8443 | https | communication with nGeniusONE |
| tcp/443 | https |
secure web UI communication with nPoint |
| tcp/80 | http | web UI |
| udp/514 | syslog | syslog receiver |
| tcp/22 | ssh | CLI |
| udp/123 | ntp | network time server |
Outbound nGeniusPULSE Server/Collector*
| destination | service | role |
|---|---|---|
| udp/123 | ntp | network time synchronozation |
| udp/161 | snmp | snmp |
| tcp/443 | https |
communication with virtual center and wireless controller |
| ip protocol #1 type 0 and 8 | icmp echo request/reply | ping monitorred devices |
| tcp/25 | smtp | |
| tcp/386 | ldap | remote authentication |
| tcp/636 | sldap | secure remote authentication |
(*) outbound services are depending on the features that are in use.
Inbound nPoint
| destination | service | role |
|---|---|---|
| tcp/80 | http | web UI |
| tcp/22 | ssh | CLI |
Outbound nPoint*
| destination | service | role |
|---|---|---|
| tcp/443 | https | communication with nPoint |
(*) outbound services are depending on the Service Test configured.
