Port Requirements for Allowing Access to Data Domain System Through a Firewall

SYMPTOMS

 

This article lists the TCP and UDP ports used by the Data Domain system, for use with configuring a firewall to allow access in and out of the Data Domain system.

 

APPLIES TO

 

All Data Domain systems

All Software Releases

PURPOSE

 

This article explains how to set up the Exchange server to allow the Data Domain device to send autosupport emails.

INSTRUCTION

 

The following tables list the ports used by the Data Domain system, and what service makes use of them. Table 1.1 shows ports used by inbound traffic, and table 1.2 shows ports used by outbound traffic.

Table 1.1 – Ports Used by Data Domain system for Inbound Traffic


| Port | Service | Note |
|---|---|---|
| TCP 21 | FTP | Port is used for control only if FTP is enabled (run ‘adminaccess show’ on the Data Domain system to determine if this is the case). |
| TCP 22 | SSH | Port is used only if SSH is enabled (run ‘adminaccess show’ on the Data Domain system to determine if this is the case). |
| TCP 23 | Telnet | Port is used only if Telnet is enabled (run ‘adminaccess show’ on the Data Domain system to determine if this is the case). |
| TCP 80 | HTTP | Port is used only if HTTP is enabled (run ‘adminaccess show’ on the Data Domain system to determine if this is the case). |
| TCP 111 | DDBOOST / NFS (portmapper) | Used to assign a random port for the mountd service used by NFS and DDBOOST. Mountd service port can be statically assigned. |
| UDP 111 | DDBOOST / NFS (portmapper) | Used to assign a random port for the mountd service used by NFS and DDBOOST. Mountd service port can be statically assigned. |
| UDP 123 | NTP | Port is used only if NTP is enabled on the Data Domain system. Run ‘ntp status’ to determine if this is the case. |
| UDP 137 | CIFS (NetBIOS Name Service) | Port used by CIFS for NetBIOS name resolution. |
| UDP 138 | CIFS (NetBIOS Datagram Service) | Port used by CIFS for NetBIOS Datagram Service. |
| TCP 139 | CIFS (NetBIOS Session Service) | Port used by CIFS for session information. |
| UDP 161 | SNMP (Query) | Port is used only if SNMP is enabled. Run ‘snmp status’ to determine if this is the case. |
| TCP 389 | LDAP | LDAP server listens on this port for any LDAP client request. By default it uses TCP. |
| TCP 443 | HTTPS | Port is used only if HTTPS is enabled (run ‘adminaccess show’ on the Data Domain system to determine if this is the case). |
| TCP 445 | CIFS (Microsoft-DS) | Main port used by CIFS for data transfer. |
| TCP 2049 | OST / NFS | Main port used by NFS. Can be modified via the ‘nfs set server-port’ command. Command requires SE mode. |
| TCP 2051 | Replication / OST / Optimized Duplication | Port is used only if replication is configured on the Data Domain system. Run ‘replication show config’ to determine if this is the case. This port can be modified via the ‘replication modify’ command. |
| TCP 2052 | NFS Mountd / OST / Optimized Duplication | Main port used by NFS MOUNTD. Can be modified via the ‘nfs set mountd-port’ command in SE mode. |
| TCP 3009 | SMS (System Management) | Port is used for managing a system remotely using the web-based GUI DDEM (Data Domain Enterprise Manager). This port cannot be modified. This port is only used on Data Domain systems running DDOS 4.7.x or later. This port will also need to be opened if you plan to configure replication from within the Data Domain GUI interface, as the replication partner needs to be added to the DD Enterprise Manager. |
| TCP 5001 | iPerf | Port is used by iperf by default. To change the port, use the -p option of se iperf or the port option of the net iperf command. The remote side must listen on the new port. |
| TCP 5002 | Congestion-checker | Port is used by congestion-checker by default when it runs iperf. To change the port, specify the new port in the port option of the net congestion-check command. The remote side must also listen on the new port. Available only for DDOS 5.2 and above. |

* NFS (mountd): the port can be hardcoded with the ‘nfs set mountd-port’ command, which requires SE mode.

Table 1.2 – Ports Used by Data Domain system for Outbound Traffic


| Port | Service | Note |
|---|---|---|
| TCP 20 | FTP | Port is used for data only if FTP is enabled (run ‘adminaccess show’ on the Data Domain system to determine if this is the case). |
| TCP 25 | SMTP | Used by the Data Domain system to send email autosupports and alerts. |
| UDP/TCP 53 | DNS | Port is used by the Data Domain system to perform DNS lookups when DNS is configured. Run ‘net show dns’ to review DNS configuration. |
| TCP 80 | HTTP | Used by the Data Domain system for uploading log files to Data Domain Support via the ‘support upload’ command. |
| UDP 123 | NTP | Used by the Data Domain system to synchronize to a time server. |
| UDP 162 | SNMP (Trap) | Used by the Data Domain system to send SNMP traps to the SNMP host. Use ‘snmp show trap-hosts’ to see destination hosts and ‘snmp status’ to display service status. |
| UDP 514 | Syslog | Used by the Data Domain system to send syslog messages, if enabled. Use ‘log host show’ to display destination hosts and service status. |
| TCP 2051 | Replication / OST / Optimized Duplication | Used by the Data Domain system only if replication is configured. Use ‘replication show config’ to determine if this is the case. |
| TCP 3009 | SMS (System Management) | Port is used for managing a system remotely using the web-based GUI DDEM (Data Domain Enterprise Manager). This port cannot be modified. This port is only used on Data Domain systems running DDOS 4.7.x or later. This port will also need to be opened if you plan to configure replication from within the Data Domain GUI interface, as the replication partner needs to be added to the DD Enterprise Manager. |
| TCP 5001 | iPerf | Port is used by iperf by default. To change the port, use the -p option of se iperf or the port option of the net iperf command. The remote side must listen on the new port. |
| TCP 5002 | Congestion-checker | Port is used by congestion-checker by default when it runs iperf. To change the port, specify the new port in the port option of the net congestion-check command. The remote side must also listen on the new port. Available only for DDOS 5.2 and above. |
| TCP 27000 | Avamar client communications with Avamar server | Avamar client network hosts |
| TCP 27000 | Avamar server communications with Replicator target server (Avamar proprietary communication) | Required if server is used as Replicator source. |
| TCP 28001 | Avamar client communications with administrator server | Avamar clients required. |
| TCP 28002 | Administrator server communications with Avamar client | Optional for browsing clients and cancelling backups from Avamar Administrator management console. |
| TCP 29000 | Avamar client Secure Sockets Layer (SSL) communications with Avamar server | Avamar clients required. |
| TCP 29000 | Avamar server SSL communications with Replicator target server | Required if server is Replicator source. |
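
The following nftables ruleset is an added example, not vendor configuration, showing how Tables 1.1 and 1.2 translate into a default-deny policy on a Linux firewall that forwards traffic to and from the Data Domain system. It assumes SSH, HTTPS, SNMP, NFS / DD Boost and replication are the enabled services, that FTP, Telnet and HTTP are disabled, that mountd uses TCP 2052, and that every address shown is a constructed placeholder.

```nftables
#!/usr/sbin/nft -f
# Added example. All addresses are constructed placeholders taken from
# the RFC 5737 documentation ranges; replace them with site values.
define DD      = 198.51.100.10   # Data Domain system (assumed)
define DD_PEER = 203.0.113.10    # replication partner (assumed)
define ADMINS  = 192.0.2.0/28    # administrator workstations (assumed)
define BACKUP  = 192.0.2.64/26   # NFS / DD Boost clients (assumed)
define INFRA   = 192.0.2.200     # SMTP relay, DNS, NTP, SNMP, syslog host (assumed)

table inet dd_perimeter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were allowed below
        ct state established,related accept

        # Inbound to the Data Domain system (Table 1.1), scoped by source
        ip saddr $ADMINS  ip daddr $DD tcp dport { 22, 443, 3009 } accept
        ip saddr $BACKUP  ip daddr $DD tcp dport { 111, 2049, 2052 } accept
        ip saddr $BACKUP  ip daddr $DD udp dport 111 accept
        ip saddr $DD_PEER ip daddr $DD tcp dport 2051 accept
        ip saddr $INFRA   ip daddr $DD udp dport 161 accept

        # Outbound from the Data Domain system (Table 1.2), scoped by destination
        ip saddr $DD ip daddr $INFRA   tcp dport { 25, 53 } accept
        ip saddr $DD ip daddr $INFRA   udp dport { 53, 123, 162, 514 } accept
        ip saddr $DD ip daddr $DD_PEER tcp dport 2051 accept

        # FTP (TCP 20/21), Telnet (TCP 23) and HTTP (TCP 80) stay closed
        # because they are assumed disabled; everything else is logged and dropped.
        counter log prefix "dd-fw-drop " drop
    }
}
```

Confirm which services are actually enabled with the commands named in the tables (‘adminaccess show’, ‘snmp status’, ‘replication show config’) before opening a port. A fixed mountd port means the firewall never has to allow a range of randomly assigned ports.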

 

 

REFERENCE