Firewall ports: Difference between revisions

From wiki.comcert.com
No edit summary
No edit summary
 
(15 intermediate revisions by the same user not shown)
Line 1: Line 1:


== Introduction ==
== Introduction ==
Please remember that Pulse, Software nPoint and Hardware nPoint are communication the same way.
In general, nPoint is contacting the nGeniusPULSE Server, not the other way around.
Service Test are executed by the nPoint. Device monitoring is done by nGeniusPULSE server or a Collector.
Even when there's no Service Test running on the nPoint, the nPoint will contact nGeniusPULSE Server every minute to update its configuration.
 


== Solution ==
== Solution ==


Please remember that Pulse, Software nPoint and Hardware nPoint are all the same in regard to this article.
=== Inbound nGeniusPULSE Server/Collector ===
 
=== Inbound nGeniusPULSE server ===


{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
|-
|-
! scope="col" | destination protocol/port
! scope="col" | destination 
! scope="col" | service
! scope="col" | service
! scope="col" | role
! scope="col" | role
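
Review bot: The first added introduction sentence, "Pulse, Software nPoint and Hardware nPoint are communication the same way", is ungrammatical and should read "communicate the same way"; likewise "Service Test are executed" in the third added sentence should be "Service Tests are executed". The Solution line it replaces ("are all the same in regard to this article") was clearer about scope, so it is worth keeping that the statement applies to every nPoint variant.
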
Line 45: Line 53:
 
 


=== Outbound nGeniusPULSE server* ===
=== Outbound nGeniusPULSE Server/Collector* ===


{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
|-
|-
! scope="col" | destination protocol/port
! scope="col" | destination 
! scope="col" | service
! scope="col" | service
! scope="col" | role
! scope="col" | role
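
Review bot: The column header change from "destination protocol/port" to "destination" makes the first column less descriptive, since its cells hold protocol/port values such as tcp/443 rather than destination hosts. Suggest keeping "destination protocol/port" (or "destination port") so readers building firewall rules do not expect an address in this column.
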
Line 67: Line 75:


|-
|-
| ip protocol #1
| ip protocol #1 type 0 and 8
| icmp
| icmp echo request/reply
| ping monitorred devices
| ping monitorred devices
|-
| tcp/25
| smtp
| email
|-
| tcp/386
| ldap
| remote authentication
|-
| tcp/636
| sldap
| secure remote authentication
|}
|}


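Review bot: The added ldap row lists tcp/386, which looks like a typo: LDAP's registered port is tcp/389, and a firewall rule built from this table would open the wrong port, so please confirm the value and correct it. In the same group of added rows, "sldap" for tcp/636 is usually written "ldaps", and the unchanged role text "ping monitorred devices" still carries a spelling error ("monitored").
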
Line 76: Line 96:
 
 


Inbound nPoint
=== Inbound nPoint ===


 
{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
 
|-
Outbound nPoint
! scope="col" | destination
 
! scope="col" | service
(*) outbound services are depending on the features that are in use.
! scope="col" | role
|-
| tcp/80
| http
| web UI
|-
| tcp/22
| ssh
| CLI
|}


 
 


 
=== Outbound nPoint* ===


 
{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
|-
! scope="col" | destination
! scope="col" | service
! scope="col" | role
|-
| tcp/443
| https
| communication with nPoint
|}


 
(*) outbound services are depending on the Service Test configured. 
 
 

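Review bot: In the new Outbound nPoint table the role for tcp/443 reads "communication with nPoint", but the introduction says the nPoint contacts the nGeniusPULSE Server, so the peer named in this row should presumably be the nGeniusPULSE Server. The rewritten footnote "depending on the Service Test configured" would also read better as "depend on the Service Tests configured".
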
Latest revision as of 15:51, 21 July 2018

Introduction

Please remember that Pulse, Software nPoint and Hardware nPoint communicate the same way.

In general, the nPoint contacts the nGeniusPULSE Server, not the other way around.

Service Tests are executed by the nPoint. Device monitoring is done by the nGeniusPULSE Server or a Collector.

Even when there's no Service Test running on the nPoint, the nPoint will contact the nGeniusPULSE Server every minute to update its configuration.

 

Solution

Inbound nGeniusPULSE Server/Collector

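{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
! destination !! service !! role
|-
| tcp/8443 || https || communication with nGeniusONE
|-
| tcp/443 || https || secure web UI; communication with nPoint
|-
| tcp/80 || http || web UI
|-
| udp/514 || syslog || syslog receiver
|-
| tcp/22 || ssh || CLI
|-
| udp/123 || ntp || network time server
|}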

 

Outbound nGeniusPULSE Server/Collector*

{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
! destination !! service !! role
|-
| udp/123 || ntp || network time synchronization
|-
| udp/161 || snmp || snmp
|-
| tcp/443 || https || communication with virtual center and wireless controller
|-
| ip protocol #1 type 0 and 8 || icmp echo request/reply || ping monitored devices
|-
| tcp/25 || smtp || email
|-
| tcp/386 || ldap || remote authentication
|-
| tcp/636 || sldap || secure remote authentication
|}

(*) Outbound services depend on the features that are in use.

 

Inbound nPoint

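{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
! destination !! service !! role
|-
| tcp/80 || http || web UI
|-
| tcp/22 || ssh || CLI
|}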

 

Outbound nPoint*

{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
! destination !! service !! role
|-
| tcp/443 || https || communication with nPoint
|}

(*) Outbound services depend on the Service Test configured.
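
The nGeniusPULSE Server/Collector tables above, turned into a default-drop nftables ruleset; this is an added example, not part of the original wiki page or of the vendor's documentation. The table name `pulse_server` and the loopback and established/related rules are assumptions, and the port entries are copied exactly as the tables list them.

```python
import re

# "destination" cells copied as listed in the nGeniusPULSE Server/Collector tables.
SERVER_INBOUND = ["tcp/8443", "tcp/443", "tcp/80", "udp/514", "tcp/22", "udp/123"]
SERVER_OUTBOUND = ["udp/123", "udp/161", "tcp/443", "ip protocol #1 type 0 and 8",
                   "tcp/25", "tcp/386", "tcp/636"]
ICMP_NAMES = {0: "echo-reply", 8: "echo-request"}  # nftables names for ICMP types


def to_match(entry):
    """Translate one 'destination' cell into an nftables match expression."""
    m = re.fullmatch(r"(tcp|udp)/(\d+)", entry)
    if m:
        port = int(m.group(2))
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {entry!r}")
        return f"{m.group(1)} dport {port}"
    m = re.fullmatch(r"ip protocol #1 type (\d+) and (\d+)", entry)
    if m:
        names = [ICMP_NAMES[int(t)] for t in m.groups()]
        return "icmp type { " + ", ".join(names) + " }"
    raise ValueError(f"unrecognised matrix entry: {entry!r}")


def chain(hook, entries):
    """Build a default-drop chain that accepts only the listed services."""
    iface = "iif" if hook == "input" else "oif"
    lines = [f"  chain {hook} {{",
             f"    type filter hook {hook} priority 0; policy drop;",
             "    ct state established,related accept",  # replies to allowed flows
             f'    {iface} "lo" accept']                 # assumption: allow loopback
    lines += [f"    {to_match(e)} accept" for e in entries]
    return lines + ["  }"]


def ruleset():
    """Render the whole table; 'pulse_server' is a hypothetical table name."""
    body = chain("input", SERVER_INBOUND) + chain("output", SERVER_OUTBOUND)
    return "\n".join(["table inet pulse_server {"] + body + ["}"])


if __name__ == "__main__":
    print(ruleset())
```

Each accept can be narrowed with `ip saddr` or `ip daddr` for the networks that hold the nPoints, administrators and monitored devices; the page does not list those, so none are filled in. A default-drop output chain also blocks anything the tables omit, so load it in a test environment before enforcing it.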