TruView Firewall ports

From wiki.comcert.com
Jump to navigation Jump to search

Introduction

Distributed TruView is in almost all cases a single TVC (running the web portal) and one or more data sources (TVF and TVP).  Please note that TVP (TruView Packet) is a packet collector and has no Web UI.  TVF (TruView Flow) is equipped with a (depreciated) Web UI and can still be used for flow based network analysis.  However, customers are recommended to use TVC for flow as well as packet based network analysis.

In case there are firewalls in between the appliances, this article will help you to create the necessary firewall policies.

Please note that all TruView appliances are running firewall deamon (linux: firewalld) to restrict access to undocumented ports.

 

Solution

TVC inbound ports

destination service role
tcp/443 https user portal
tcp/22 ssh management cli

TVC outbound ports

destination service role
udp/53 dns domain name service
tcp/389 ldap remote authentication
tcp/636 sldap secure remote authentication
udp/123 ntp network time synchronization
tcp/25 smtp mailrelay (email external notification)
udp/161 snmp polling device health status of exporter

TVF inbound ports

destination service role
tcp/443 https user portal (depreciated)
tcp/22 ssh management cli
udp/2055,udp/6343,* netflow receiving netflow packets from exporter

(*) inbound netflow services are depending on your configuration of the exporting device / listening port settings.

TVF outbound ports

destination service role
udp/53 dns domain name service
udp/123 ntp network time synchronization
udp/161 snmp polling interface utilization of exporter

TVP inbound ports

destination service role
tcp/22 ssh management cli

TVP outbound ports

destination service role
udp/53 dns domain name service
udp/123 ntp network time synchronization

Distributed TruView internal communication ports

destination service role
tcp/443 https TVC -> TVF/TVP
tcp/443 https TVF/TVP -> TVC