TruView Firewall ports: Difference between revisions

From wiki.comcert.com
Jump to navigation Jump to search
No edit summary
No edit summary
 
(7 intermediate revisions by the same user not shown)
Line 2: Line 2:
== Introduction ==
== Introduction ==


A distributed TruView environment always contains a TVC. The TVC is the window to your data and it can be accompanied by a TVF, a TVP or both. Please note that a TVP (TruView Packet) acts a true packet collector, while a TVF (TruView Flow) is capable of showing results.
Distributed TruView is in almost all cases a single TVC (running the web portal) and one or more data sources (TVF and TVP).  Please note that TVP (TruView Packet) is a packet collector and has no Web UI.  TVF (TruView Flow) is equipped with a (depreciated) Web UI and can still be used for flow based network analysis.  However, customers are recommended to use TVC for flow as well as packet based network analysis.
 
In case there are firewalls in between the appliances, this article will help you to create the necessary firewall policies.
 
Please note that all TruView appliances are running firewall deamon (linux: firewalld) to restrict access to undocumented ports.
 
 


== Solution ==
== Solution ==
Line 53: Line 59:
| style="width: 156px;" | udp/161
| style="width: 156px;" | udp/161
| style="width: 70px;" | snmp
| style="width: 70px;" | snmp
| style="width: 312px;" | device health
| style="width: 312px;" | polling device health status of exporter
|}
|}


Line 72: Line 78:
| style="width: 315px;" | management cli
| style="width: 315px;" | management cli
|-
|-
| style="width: 154px;" | udp/2055,udp/6343*
| style="width: 154px;" | udp/2055,udp/6343,*
| style="width: 72px;" | netflow
| style="width: 72px;" | netflow
| style="width: 315px;" | netflow packets from exporter
| style="width: 315px;" | receiving netflow packets from exporter
|}
|}


(*) inbound netflow services are depending on the configuration of the exporting device.
(*) inbound netflow services are depending on your configuration of the exporting device / listening port settings.


=== TVF outbound ports ===
=== TVF outbound ports ===


{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
{| border="1" cellpadding="1" cellspacing="1" style="width: 561px;"
|-
|-
| style="width: 151px;" | '''destination'''
| style="width: 151px;" | '''destination'''
| style="width: 65px;" | '''service'''
| style="width: 76px;" | '''service'''
| style="width: 266px;" | '''role'''
| style="width: 316px;" | '''role'''
|-
|-
| style="width: 151px;" | udp/53
| style="width: 151px;" | udp/53
| style="width: 65px;" | dns
| style="width: 76px;" | dns
| style="width: 266px;" | domain name service
| style="width: 316px;" | domain name service
|-
|-
| style="width: 151px;" | udp/123
| style="width: 151px;" | udp/123
| style="width: 65px;" | ntp
| style="width: 76px;" | ntp
| style="width: 266px;" | network time synchronization
| style="width: 316px;" | network time synchronization
|-
|-
| style="width: 151px;" | udp/161
| style="width: 151px;" | udp/161
| style="width: 65px;" | snmp
| style="width: 76px;" | snmp
| style="width: 266px;" | interface utilization of exporter
| style="width: 316px;" | polling interface utilization of exporter
|}
|}


=== TVP inbound ports ===
=== TVP inbound ports ===


{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
{| border="1" cellpadding="1" cellspacing="1" style="width: 561px;"
|-
|-
| style="width: 147px;" | '''destination'''
| style="width: 147px;" | '''destination'''
| style="width: 68px;" | '''service'''
| style="width: 68px;" | '''service'''
| style="width: 267px;" | '''role'''
| style="width: 328px;" | '''role'''
|-
|-
| style="width: 147px;" | tcp/22
| style="width: 147px;" | tcp/22
| style="width: 68px;" | ssh
| style="width: 68px;" | ssh
| style="width: 267px;" | management cli
| style="width: 328px;" | management cli
|}
|}


=== TVP outbound ports ===
=== TVP outbound ports ===


{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
{| border="1" cellpadding="1" cellspacing="1" style="width: 559px;"
|-
|-
| style="width: 143px;" | '''destination'''
| style="width: 143px;" | '''destination'''
| style="width: 73px;" | '''service'''
| style="width: 73px;" | '''service'''
| style="width: 266px;" | '''role'''
| style="width: 325px;" | '''role'''
|-
|-
| style="width: 143px;" | udp/53
| style="width: 143px;" | udp/53
| style="width: 73px;" | dns
| style="width: 73px;" | dns
| style="width: 266px;" | domain name service
| style="width: 325px;" | domain name service
|-
|-
| style="width: 143px;" | udp/123
| style="width: 143px;" | udp/123
| style="width: 73px;" | ntp
| style="width: 73px;" | ntp
| style="width: 266px;" | network time synchronization
| style="width: 325px;" | network time synchronization
|}
|}


=== Distributed TruView internal communication ports ===
=== Distributed TruView internal communication ports ===


{| border="1" cellpadding="1" cellspacing="1" style="width: 500px;"
{| border="1" cellpadding="1" cellspacing="1" style="width: 557px;"
|-
|-
| style="width: 153px;" | '''destination'''
| style="width: 153px;" | '''destination'''
| style="width: 65px;" | '''service'''
| style="width: 65px;" | '''service'''
| style="width: 264px;" | '''role'''
| style="width: 321px;" | '''role'''
|-
|-
| style="width: 153px;" | tcp/443
| style="width: 153px;" | tcp/443
| style="width: 65px;" | https
| style="width: 65px;" | https
| style="width: 264px;" | TVC -> TVF/TVP
| style="width: 321px;" | TVC -> TVF/TVP
|-
|-
| style="width: 153px;" | tcp/443
| style="width: 153px;" | tcp/443
| style="width: 65px;" | https
| style="width: 65px;" | https
| style="width: 264px;" | TVF/TVP -> TVC
| style="width: 321px;" | TVF/TVP -> TVC
|}
|}



Latest revision as of 07:03, 19 August 2022

Introduction

Distributed TruView is in almost all cases a single TVC (running the web portal) and one or more data sources (TVF and TVP).  Please note that TVP (TruView Packet) is a packet collector and has no Web UI.  TVF (TruView Flow) is equipped with a (depreciated) Web UI and can still be used for flow based network analysis.  However, customers are recommended to use TVC for flow as well as packet based network analysis.

In case there are firewalls in between the appliances, this article will help you to create the necessary firewall policies.

Please note that all TruView appliances are running firewall deamon (linux: firewalld) to restrict access to undocumented ports.

 

Solution

TVC inbound ports

destination service role
tcp/443 https user portal
tcp/22 ssh management cli

TVC outbound ports

destination service role
udp/53 dns domain name service
tcp/389 ldap remote authentication
tcp/636 sldap secure remote authentication
udp/123 ntp network time synchronization
tcp/25 smtp mailrelay (email external notification)
udp/161 snmp polling device health status of exporter

TVF inbound ports

destination service role
tcp/443 https user portal (depreciated)
tcp/22 ssh management cli
udp/2055,udp/6343,* netflow receiving netflow packets from exporter

(*) inbound netflow services are depending on your configuration of the exporting device / listening port settings.

TVF outbound ports

destination service role
udp/53 dns domain name service
udp/123 ntp network time synchronization
udp/161 snmp polling interface utilization of exporter

TVP inbound ports

destination service role
tcp/22 ssh management cli

TVP outbound ports

destination service role
udp/53 dns domain name service
udp/123 ntp network time synchronization

Distributed TruView internal communication ports

destination service role
tcp/443 https TVC -> TVF/TVP
tcp/443 https TVF/TVP -> TVC