TECHNICAL NOTE
OPEN PORTS USED BY STRM
November 2010

This document provides information about the ports used by and between STRM components. Table 1 lists the common ports used by STRM components, identifies the signaling direction for that port, and provides the reason for using the port.

Note: The ports listed in this document are valid only when iptables is enabled on your STRM system.

Table 1 List of Common Ports Used by STRM Components

TCP 22 - SSH
  Direction: STRM to all other components; End-user desktops to the STRM
  Reason: Remote management access; Adding a remote system as a managed host; Retrieving log files; High Availability (HA)

TCP 25 - SMTP
  Direction: From all managed hosts to your SMTP gateway
  Reason: E-mail to an SMTP gateway; Error/warning e-mail messages to an administrative e-mail contact

UDP/TCP 37 - Rdate (time)
  Direction: All systems to the STRM; STRM to the NTP or RDATE server
  Reason: To keep time synchronized, especially on QFlow Collectors

TCP 80 - Apache/https
  Direction: End users to the STRM; End users to the STRM Deployment Editor
  Reason: Admin interface downloads from the STRM to end-user desktops; Deployment editor component downloads from the STRM to end-user desktops

TCP 443 - Apache/https
  Direction: STRM managed hosts connecting to the STRM; End users connecting to the STRM
  Reason: Configuration downloads to STRM managed hosts from the STRM; Access to the STRM user interface for end users

UDP 514 - Syslog
  Direction: External log sources to STRM Event Collectors; From all remote managed hosts running Event Collector/Event Processor to the STRM
  Reason: Event data feeds from STRM components

TCP 5432 - Postgres
  Direction: The STRM to all STRM managed hosts
  Reason: When provisioning managed hosts using the Admin interface

TCP 10000 - Remote Server management (Web-Based System Administration Interface)
  Direction: End-user desktop to all STRM hosts
  Reason: Server changes, such as root password and firewalls

TCP 7676, 7677 - Messaging connections (imq)
  Direction: All STRM managed hosts to the STRM
  Reason: Configuration data changes are sent back and forth between the STRM and managed hosts

TCP 32000-33999 - Data flow (flows, events, flow context)
  Direction: Bi-directional between STRM components
  Reason: Data flows, such as events, flows, flow context, and event search queries

UDP 2055, 9995
  Direction: From the management interface on the flow source (typically a router) to the QFlow Collector
  Reason: NetFlow datagram from components, such as routers

TCP 135 - DCOM
  Direction: Port 135 and the DCOM port range must be accessible on the target Microsoft Windows host. DCOM typically uses a range of random ports but can be configured to use a specific range. For more information, see your Microsoft Windows documentation.
  Reason: Any firewall between STRM and the target Microsoft Windows host must be configured to allow DCOM communication.

TCP/UDP 6543
  Direction: Bi-directional between the
  Reason: Heartbeat ping from a secondary host to a cluster to detect hardware or network failure.

TCP/UDP 7789
  Direction: Bi-directional between the
  Reason: Testing the network connection between the secondary host and cluster using Distributed Replicated Block Device (DRBD)

ICMP
  Direction: Bi-directional between the
  Reason: Testing the network connection between the secondary host and cluster using Internet Control Message Protocol (ICMP)

TCP/UDP 7800
  Direction: From the Event Collector to the
  Reason: Real-time (streaming) for events and flows

TCP/UDP 7802
  Direction: From the Event Collector to the
  Reason: Real-time (streaming) for events and flows

All the ports listed in Table 1 can be tunneled, by encryption, through port 22 over SSH.

Release 2010.0 TN30082010-A
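As an added example that is not part of this technical note, the following Python check compares the listening sockets a host reports through `ss -lntu` against the Table 1 port list, so that any listener the note does not document stands out during a firewall or hardening review. The `ss` output embedded below is constructed sample data, not a capture from an STRM host, and the assumption is that `ss` is the tool used to list listeners.

```python
import re

# Ports from Table 1 of the STRM note that an STRM host itself may listen on.
# TCP 135 (DCOM) is left out: it is opened on the target Windows host, not on STRM.
STRM_DOCUMENTED_PORTS = {
    "tcp": {22, 25, 37, 80, 443, 5432, 6543, 7676, 7677, 7789, 7800, 7802, 10000}
           | set(range(32000, 34000)),
    "udp": {37, 514, 2055, 6543, 7789, 7800, 7802, 9995},
}

# Constructed sample of `ss -lntu` output; not captured from a real STRM host.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:514       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:2055      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432    0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:32010     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8080      0.0.0.0:*
tcp   LISTEN 0      128    [::]:23           [::]:*
"""

# One `ss` row: protocol, state, two queue counters, then "address:port" of the local socket.
LINE_RE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s")


def parse_listeners(ss_output):
    """Return a set of (proto, local_address, port) tuples from `ss -lntu` text."""
    listeners = set()
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.add((m.group(1), m.group(2), int(m.group(3))))
    return listeners


def undocumented_listeners(ss_output, documented=STRM_DOCUMENTED_PORTS):
    """Listeners whose protocol/port pair does not appear in Table 1, sorted."""
    return sorted(
        entry for entry in parse_listeners(ss_output)
        if entry[2] not in documented[entry[0]]
    )


if __name__ == "__main__":
    for proto, addr, port in undocumented_listeners(SAMPLE_SS_OUTPUT):
        print(f"undocumented listener: {proto} {addr}:{port}")
```

On a live host, feed the real output of `ss -lntu` to `undocumented_listeners` and treat each reported entry as something either to add to the iptables allow-list deliberately or to shut down.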
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
408-745-2000
www.juniper.net

Copyright Notice
Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.