What are firewall considerations for NetSight, Extreme Management Center (XMC), Control and Analytics appliances?

Question
What ports need to be open on the firewall for XMC (also NetSight or Extreme Management Center) to talk to Control and Analytics appliances?
What are the firewall considerations when installing NetSight on Windows OS?
Environment
  • NetSight
  • Firewall settings on Windows OS
  • Extreme Management Center
  • XMC
  • Purview
  • Analytics
  • Control
  • NAC
Answer
  • The XMC Server runs on a set of non-standard ports. These TCP ports (4530-4533) must be accessible through firewalls for clients to connect to the server.
    • 4530/4531: JNP (JNDI)
    • 4532: JRMP (RMI)
    • 4533: UIL (JMS)
  • Port 8080 (Default HTTP traffic) must be accessible through firewalls for users to install and launch XMC client applications.
  • Port 8443 (Default HTTPS traffic) must be accessible through firewalls for clients to access the XMC Server Administration web pages, NetSight OneView, and NAC Dashboard.
  • Port 8444 (Default HTTPS traffic) must be accessible through firewalls for clients to access the NAC/Control Appliance Administration web pages.
  • The following ports must be accessible through firewalls for the XMC Server and a NAC appliance to communicate:
    Required Ports (all bi-directionally)
    • TCP: 4530-4533, 4589, 8080, 8443, 8444
    • UDP: 161, 162
  • The following port must be accessible through firewalls for NAC/Control appliance to NAC/Control appliance communication:
    • TCP: 8444
  • The following ports must be accessible through firewalls for NAC/Control appliance-to-NAC/Control appliance communication in order for assessment agent mobility to function properly:
    • TCP: 8080, 8443
  • The following ports must be accessible through firewalls from every end-system subnet subject to the NAC/Control assessment agent to every NAC/Control appliance in order to support agent mobility:
    • TCP: 8080, 8443
  • The following ports must be accessible through firewalls for the XMC Server and Wireless Controllers to communicate:
    • SSH: 22
    • SNMP: 161, 162
    • Langley: 20506 (TCP/UDP)
  • The following ports must be accessible (bi-directionally) through firewalls for the XMC Server and an Analytics appliance to communicate:
    • TCP: Ports 4530-4533, 4589, 8080, 8443, 22
    • UDP: Ports 161, 162
    • To Analytics appliance:
      • UDP: Port 2055 (NetFlow)
      • TCP: 22, 8443
    • For GRE tunnels to the Purview/Analytics appliance: IP Protocol 47
    • Port 2055 must be accessible through firewalls for the NetSight Server to receive NetFlow data
  • The following ports must be accessible through firewalls for the NetSight Server and WAS (legacy WAS) to communicate:
    • TCP: Port 8443 — Used by WAS to authenticate NetSight users. This port corresponds to NetSight’s HTTPS Web Server port.
    • TCP: Port 443 — Import data from NetSight into WAS.
    • TCP: Port 8080 — Upgrade WAS from WAS UI.
Additional notes
For XMC on Windows Server
You can edit existing firewall rules or add a new firewall rule from "Control Panel > Windows Firewall > Advanced settings" (in the left pane) in Windows.
When you click "Advanced settings" in the left pane under "Windows Firewall", the "Windows Firewall with Advanced Security" window appears.
Under "Inbound Rules" or "Outbound Rules" in the left tree, you can edit the existing rules. You can also add a new rule by clicking "New Rule..." on the right side.
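The same inbound rules can be created from an elevated PowerShell prompt instead of the GUI. This is an added example, not part of the original article: the rule names, group name and source subnets are placeholders, and it covers only the client, NAC appliance, SNMP, NetFlow and wireless-controller ports listed above, each limited to the networks that need it.

```powershell
#Requires -RunAsAdministrator
# Added example: inbound Windows Firewall rules for an XMC Server host,
# built from the port list in this article. Outbound rules are not created
# (assumes the default "allow outbound" policy is unchanged).
$Group = 'XMC Server (example)'

# Placeholder source ranges (assumptions): replace with your own networks.
$ClientNets    = '10.0.10.0/24'   # workstations running XMC clients / browsers
$ApplianceNets = '10.0.20.0/24'   # NAC/Control and Analytics appliances
$DeviceNets    = '10.0.30.0/24'   # wireless controllers, SNMP and NetFlow sources

$Rules = @(
    @{ Name = 'JNP-JRMP-UIL';    Proto = 'TCP'; Ports = @('4530-4533')
       From = @($ClientNets, $ApplianceNets) }
    @{ Name = 'HTTP-HTTPS';      Proto = 'TCP'; Ports = @('8080', '8443')
       From = @($ClientNets, $ApplianceNets) }
    @{ Name = 'Appliance-TCP';   Proto = 'TCP'; Ports = @('4589', '8444')
       From = @($ApplianceNets) }
    @{ Name = 'SNMP';            Proto = 'UDP'; Ports = @('161', '162')
       From = @($ApplianceNets, $DeviceNets) }
    @{ Name = 'NetFlow';         Proto = 'UDP'; Ports = @('2055')
       From = @($DeviceNets) }
    @{ Name = 'Langley-TCP';     Proto = 'TCP'; Ports = @('20506')
       From = @($DeviceNets) }
    @{ Name = 'Langley-UDP';     Proto = 'UDP'; Ports = @('20506')
       From = @($DeviceNets) }
)

# Remove rules from a previous run so the script can be re-applied safely.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($r in $Rules) {
    $params = @{
        DisplayName   = "XMC - $($r.Name)"
        Group         = $Group
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = $r.Proto
        LocalPort     = $r.Ports
        RemoteAddress = $r.From               # scope to known sources, not Any
        Profile       = 'Domain', 'Private'   # assumption: server is not on a Public profile
    }
    New-NetFirewallRule @params | Out-Null
}

# Review what was created.
Get-NetFirewallRule -Group $Group | Format-Table DisplayName, Enabled, Direction, Action
```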
