Cc-sg & snmp, Cc-sg & cc-noc, Cc-sg internal ports – Raritan Engineering Command Center CC-SG User Manual

Page 250: Cc-sg access via nat-enabled firewall

background image

234 C

OMMAND

C

ENTER

S

ECURE

G

ATEWAY

A

DMINISTRATOR

G

UIDE

CC-SG & SNMP

Simple Network Management Protocol (SNMP) allows CC-SG to push SNMP traps (event
notifications) to an existing SNMP manager on the network. CC-SG also supports SNMP
GET/SET operations with third-party Enterprise Management Solutions, such as HP OpenView.

Communication Direction Port

Number

Protocol

Purpose

Configurable?

SNMP Manager → CC-SG

161

UDP

SNMP Get, Set

yes

CC-SG → SNMP Manager

162

UDP

Sending Traps

yes


CC-SG & CC-NOC

CC-NOC can optional appliance that can be deployed in conjunction with CC-SG. CC-NOC is a
Raritan network-monitoring appliance that audits and monitors the status of servers, equipment,
and Raritan devices that CC-SG manages.

Communication Direction Port

Number

Protocol

Purpose

Configurable?

CC-SG ↔ CC-NOC

9443

TCP

CC-SG, CC-NOC
Communications

no

CC-SG Internal Ports

CC-SG uses several ports for internal functions and its local firewall function blocks access to
these ports. However, some external scanners may detect these as “blocked” or “filtered”.
External access to these ports is not required and can be further blocked. The ports currently in
use are:

1088, 1098, 2222, 4444, 4445, 8009, 8083 and 8093


In addition to these ports, CC-SG may have a couple of TCP and UDP ports in the 32xxx (or
higher) range open. External access to these ports is not required and can be blocked.

CC-SG Access via NAT-enabled Firewall

If the firewall is using NAT (Network Address Translation) along with possibly Port Address
Translation (PAT), then Proxy mode should be used for all connections that use this firewall.
Moreover, the firewall must be configured for external connections to Ports 80(non-SSL)/443
(SSL)

2

, 8080 and 2400 to be forwarded to CC-SG (since the PC Client will initiate sessions on

these ports).

All In-Band Access (IBA) connections use the CC-SG as the Proxy connection and no additional
configuration is required. Out-of-Band Access (OBA) connections using the firewall must be
configured on the Setup Î Configuration Manager Î Connection Mode menu to use Proxy
mode. This way, CC-SG will connect to the various targets (either IBA or OBA) on behalf of the
PC Client requests. However, the CC-SG will terminate the PC Client to Target TCP/IP
connection that comes through the firewall.

2

It it NOT recommended to run non-SSL traffic through a firewall.