Open Ports in GigaVUE‑FM

This appendix provides information about the open ports in GigaVUE‑FM and also in the devices. Refer to the following sections:

Open Default Ports

The following table provides information about the default ports open in the firewall for GigaVUE‑FM. The table is sorted by Protocol and then Port Number.

Port Number

Protocol

Service

Traffic Direction

Description

HTTP

GigaVUE‑FM GUI

Bidirectional traffic between Web Browser and GigaVUE‑FM

Used for redirecting the traffic internally to port 443.

Note: You can choose to shut down port 80 for enhanced security.

443

HTTPS

GigaVUE‑FM GUI

Bidirectional traffic between Web Browser and GigaVUE‑FM

Bidirectional traffic between GigaVUE‑FM and GigaVUE-VM.

Used for normal GigaVUE‑FM user interaction.

389

LDAP

AAA

Bidirectional traffic between LDAP server and GigaVUE‑FM

Used for accessing and maintaining distributed directory information services over the Internet Protocol (IP) network.

636

LDAP

AAA

Bidirectional traffic between LDAP server and GigaVUE‑FM

Used for secure LDAP protocol over SSL for accessing and maintaining distributed directory information services over the Internet Protocol (IP) network.

1812/1813

1645/1646

Radius

AAA

Bidirectional traffic between Radius server and GigaVUE‑FM

Used for running the client/server protocol in the application layer. They can use either TCP or UDP as the transport protocol.

TACACS

AAA

Bidirectional traffic between TACACS server and GigaVUE‑FM

Used for communicating with the authentication server in order to determine if you have access to the network.

TCP

SSH

Bidirectional traffic between Putty and GigaVUE‑FM

●

Used for GigaVUE‑FM admin user login. Also, used for initial GigaVUE‑FM IP configuration.

●

Used by the web browser to communicate with GigaVUE-VM for troubleshooting purposes.

514

TCP

Logstash

Unidirectional traffic from physical nodes to GigaVUE‑FM

Used for sending device log messages via SSL from devices to GigaVUE‑FM.

5672

TCP

RabbitMq

Unidirectional traffic from physical nodes to GigaVUE‑FM

Used for sending event notifications via SSL from devices to GigaVUE‑FM.

5671

TCP/SSL

RabbitMq

Unidirectional traffic from physical nodes to GigaVUE‑FM

Used for sending event notifications via SSL from devices to GigaVUE‑FM.

UDP

DNS

Bidirectional traffic between a DNS server and GigaVUE‑FM

Used to resolve Fully Qualified Domain Names (FQDNs).

UDP

DHCP

Bidirectional traffic between GigaVUE‑FM and DHCP server

Used only if DHCP is enabled on the GigaVUE‑FM appliance.

123

UDP

NTP

Bidirectional traffic between a Network Time Protocol (NTP) server and GigaVUE‑FM

Used only if GigaVUE‑FM is configured to use NTP.

162

UDP

SNMP

Unidirectional traffic from managed appliances to GigaVUE‑FM

Used to process incoming traps sent from managed appliances to GigaVUE‑FM.

2055

UDP

NetFlow

Unidirectional traffic from managed Appliances to GigaVUE‑FM

Used for receiving NetFlow traffic.

2056

UDP

NetFlow

Unidirectional traffic from physical nodes to GigaVUE‑FM

Used by Application Intelligence for sending monitoring reports to GigaVUE-FM

Open Ports for GigaVUE‑FM Migration

The following table provides details about ports that must be open during GigaVUE‑FM migration.

Port Number

Protocol

Service

Traffic Direction

Description

443

HTTPS

GigaVUE‑FM GUI

Bidirectional traffic between Web Browser and GigaVUE‑FM

Used for API and GUI access related operations.

TCP

SSH

Bidirectional traffic between Putty and GigaVUE‑FM

Used for transferring configuration files between two instances of GigaVUE‑FM.

902

TCP/UDP

ESXi Host

Bidirectional traffic between VMware vCenter and ESXi hosts

●

For migration and provisioning purposes, this port must be open between the VMware vCenter server and the VMware ESXi hosts. Otherwise, GigaVUE‑FM bulk deployment fails.

●

Used for sending data from vCenter Server to the ESXi host. The ESXi host uses this port to send regular heartbeat to the vCenter Server system.

Open Ports for High Availability

The following table provides details about ports that must be open for GigaVUE‑FM High Availability.

Port Number

Protocol

Service

Traffic Direction

Description

TCP

SSH

Bidirectional traffic between Putty and GigaVUE‑FM

●

Used for GigaVUE‑FM admin user login. Also, used for initial GigaVUE‑FM IP configuration.

●

Used by the web browser to communicate with GigaVUE-VM for troubleshooting purposes.

●

Used for transferring configuration files between two GigaVUE‑FM instances during migration.

TCP

HTTP

Bidirectional traffic between Web Browser and GigaVUE‑FM

Used for redirecting the traffic internally to port 443.

Note: You can choose to shut down port 80 for enhanced security.

443

TCP

HTTPS

Bidirectional traffic between Web Browser and GigaVUE‑FM

Bidirectional traffic between GigaVUE‑FM and GigaVUE-VM.

Used for normal GigaVUE‑FM user interaction.

514

TCP/UDP

Shell/Syslog

Unidirectional traffic from physical nodes to GigaVUE‑FM

Used for sending device log messages via SSL from devices to GigaVUE‑FM.

4369

TCP

EPMD/RMQ

Bidirectional traffic between RMQ members in cluster.

Small additional process that runs alongside every RabbitMQ node and is used by the runtime to discover what port a particular node listens to. The port is then used by peer nodes.

5671

TCP

amqps

Unidirectional traffic from physical nodes to GigaVUE‑FM

Used for sending event notifications via SSL from devices to GigaVUE‑FM.

25672

TCP

RabbitMQ/

SNMP Traps

Bidirectional traffic between RMQ members in cluster.

UDP

DHCP

Bidirectional traffic between GigaVUE‑FM and DHCP server

Used only if DHCP is enabled on the GigaVUE‑FM appliance.

162

UDP

SNMP

Unidirectional traffic from managed appliances to GigaVUE‑FM

Used to process incoming traps sent from managed appliances to GigaVUE‑FM.

Note: Ports 9514 and 9162 are used to receive traffic forwarded by ports 514 and 162, respectively. Therefore, these ports need not be opened explicitly.

Open Ports for Communication Between Members of GigaVUE‑FM High Availability Cluster

The following table lists the ports that must be open for communication between the members of GigaVUE‑FM High Availability cluster.

Note: These ports cannot be accessed by standalone GigaVUE‑FM instances.

Port Number	Protocol	Service	Traffic Direction	Description
8300	TCP	Consul	Bidirectional traffic between members in GigaVUE-FM cluster.	Used To handle incoming requests from other agents.
8301	TCP/UDP	Consul	Bidirectional traffic between members in GigaVUE-FM cluster.	Used for inter-cluster communication over LAN.
8302	TCP	Consul	Bidirectional traffic between members in GigaVUE-FM cluster.	Used for inter-cluster communication over WAN.
30865	TCP	CSync2	Bidirectional traffic between members in GigaVUE-FM cluster.	Used for Synchronization of files/directories across cluster. For example, Image files during GigaVUE-FM HA Upgrade.
9300	TCP	Elastic Search	Bidirectional traffic between members in GigaVUE-FM cluster.	Used for inter-cluster communication.
27017	TCP	MongoDB	Bidirectional traffic between members in GigaVUE-FM cluster.	Used for data replication across clusters and data access through GigaVUE‑OS CLI.

Open Ports in GigaVUE H Series Devices

The following table lists the open ports in GigaVUE-H series devices. GigaVUE‑FM manages the devices using these open ports.

Port Number	Protocol	Service	Traffic Direction	Description
22	SSH	Device Management	Bidirectional traffic between GigaVUE‑FM and devices.	Used for image download, configuration backup/restore operations
80	HTTP	Communication	Bidirectional traffic between GigaVUE‑FM and devices.	Used for initial communication setup. Assumption is that HTTP redirect will be turned ON in all GigaVUE devices and FM will use HTTP(S) henceforth
443	HTTPS	Communication	Bidirectional traffic between GigaVUE‑FM and devices.	GigaVUE‑FM to device communication. Refer to the following notes: Starting in software version 5.9.00, XML Gateway services are shutdown in the devices. Therefore, if you change the HTTPS port number of a device using CLI, then: For devices that are not added and managed by GigaVUE‑FM: You must update the HTTPS port number when adding the nodes using the Add Physical Nodes page in GigaVUE-FM GUI. Refer to the Add Nodes Manually section for more details. For devices that have already been added and managed by GigaVUE‑FM: You must update the HTTPS port number from the Node Details page (Admin > System > Node Details ). In the Node Details page, select the device and click Edit to update the port number and click Save. Failure to do so will terminate communication between the device and GigaVUE-FM Note: Until software version 5.13, if the HTTPS port number is changed using CLI, then GigaVUE‑FM will learn the port number through the XML Gateway request. Devices with software version greater than or equal to software version 5.9.00 are XSRF enabled, by default.

Open Ports in GigaVUE G Series Devices

The following table lists the open ports in GigaVUE-G series devices. GigaVUE‑FM manages the devices using these open ports.

Port Number	Protocol	Service	Traffic Direction	Description
22	SSH	Device Management	Bidirectional traffic between GigaVUE‑FM and devices.	Configuration backup/restore operations
80	HTTP	Communication	Bidirectional traffic between GigaVUE‑FM and devices.	Used for initial communication setup. Assumption is that HTTP redirect will be turned ON in all GigaVUE devices and FM will use HTTP(S) henceforth
443	HTTPS	Communication	Bidirectional traffic between GigaVUE‑FM and devices.	GigaVUE‑FM to device communication

Open Ports for Clustered Node Communication

The following table lists the open ports in GigaVUE H Series and GigaVUE TA Series devices.

Port Number	Protocol	Service	Traffic Direction	Description
5353	UDP	Communication	Bidirectional	Used for cluster communication
6379	TCP	Communication	Bidirectional	Used to communicate with clients that need to reach the cluster nodes