Veritas NetBackup™ Appliance Security Guide
- About the NetBackup appliance Security Guide
- User authentication
- User authorization
- Intrusion prevention and intrusion detection systems
- Log files
- Operating system security
- Data security
- Web security
- Network security
- Call Home security
- IPMI security
- STIG compliance
- Appendix A. Security release content
About NetBackup appliance ports
In addition to the ports used by NetBackup software, NetBackup appliances also provide for both in-band and out-of-band management. The out-of-band management is through a separate network connection, the Remote Management Module (RMM), and the Intelligent Platform Management Interface (IPMI). Open these ports through the firewall as appropriate to allow access to the management services from a remote laptop or KVM (keyboard, video monitor, mouse).
Warning:
The NetBackup Appliance Web Console is now available only over HTTPS on the default port 443; port 80 over HTTP has been disabled. Please use https://<appliance-name>
to log in to the Web Console, where appliance-name is the fully qualified domain name (FQDN) of the Appliance and can also be an IP address.
Table: Inbound ports lists the ports open for inbound communication to the NetBackup Appliance.
Table: Inbound ports
Port | Service | Description |
---|---|---|
22 | ssh | In-band management CLI |
80 | HTTP | In-band management GUI |
443 | HTTPS | In-band management GUI |
80 | HTTP | Out-of-band management (ISM+ or RM*) |
443 | HTTPS | Out-of-band management (ISM+ or RM*) |
5900 | KVM | CLI access, ISO & CDROM redirection |
623 | KVM | (optional, used if open) |
7578 | RMM | CLI access |
5120 | RMM | ISO & CD-ROM redirection |
5123 | RMM | Floppy redirection |
7582 | RMM | KVM |
5124 | HTTPS | CD ROM |
5127 | USB or Floppy | |
2049 | HTTPS | NFS++ |
445 | CIFS (for the Log/Install shares) |
+ NetBackup Integrated storage manager
* Veritas Remote Management - Remote Console
++ Once the NFS service is shut down, the vulnerability scanners do not pick up these ports as threats.
Note:
Ports 7578, 5120, and 5123 are for the unencrypted mode. Ports 7528, 5124, and 5127 are for the encrypted mode.
Table: Outbound ports list the ports outbound from the appliance to allow alerts and notifications to the indicated servers.
Table: Outbound ports
Port | Service | Description |
---|---|---|
443 | HTTPS | Call Home notifications to Veritas |
162** | SNMP | Download appliance updates |
443 | HTTPS | Download SDCS certificate |
** This port number can be changed within the appliance configuration to match the remote server.
A complete list of all the applicable ports is available in the NetBackup Network Ports Reference Guide.