Default Port Numbers
By default, the library uses certain port numbers. Configure your firewall it to
allow traffic to use these ports.
Enable the ports listed below on each of the network interfaces that are in use
(except for the OKM interface — you only need to enable the OKM ports on the network
interface used to connect to the OKM cluster).
Port
IP
Protocol
Description
Direction
22
TCP
SSH
SSH access to Linux running on library. Only enabled for
72 hours after an “Escalation” role service user is created.
To library
25
TCP
SMTP
Connection to external SMTP (Simple Mail Transfer
Protocol) server. Required if you have configured any e-mail
destinations.
From library
53
TCP & UDP
DNS
DNS (domain name server) lookup.
From library
80
TCP
HTTP
Default port for browser access.
To library
161
UDP
SNMP
Inbound GET requests using SNMP.
To library
162
UDP
SNMP
Outbound SNMP TRAPs.
From library
123
TCP
NTP
Connection from library to an external NTP server.
From library
443
TCP
HTTPS
Default port for browser and web services interfaces.
To library
7104
TCP
HTTP
Alternate port for browser access.
To library
7102
TCP
HTTPS
Alternate port for browser and web services
interfaces.
To library
7104
TCP
HTTP
Browser GUI based access to WebLogic console running on
the library. Only accessible by an “Escalation” user.
To library
7105
TCP
HTTPS
Browser GUI based access to WebLogic console running on
the library. Only accessible by an “Escalation” user.
To library
Externally Defined
TCP
HTTP & HTTPS
Servers that are configured to receive outbound SCI
calls will listen for SCI calls on ports of their choice. Open these
port number in any firewalls and provided the port numbers
configuring the destination on the library.
From library
Externally Defined
TCP
OKM
If the library is configured to retrieve tape drive
encryption keys from a OKM cluster, open the ports used for OKM (see
the OKM documentation).
From library
Browser and Web Services Interface
Ports
The GUI and SCI protocols use default ports that can be modified using the
configuration wizard.
The GUI can use both HTTP and HTTPS. The SCI protocol uses only HTTPS to
secure for the credentials passed in each request. By default, these two protocols
are on their standard port number of 80 for HTTP and 443 for HTTPS. You can modify
these ports in the GUI (see Launch the Configuration Wizard).
Service Access Ports
The library enables or disables service ports depending on if a Service user has been
created for the library.
Under normal library operations only customer-created users may log in to
the library However, the administrator can enable service access when necessary (see
Add a Service User). Creating a service user with an Escalation role enables access
to the library that is not normally allowed. Specifically, an Escalation user can
log in to Linux on the library using SSH on port 22 and can access the WebLogic
console function using port 7104 for HTTP or 7105 for HTTPS. Service users expire 72
hours after creation. The library disables port 22 if there are no enabled service
users. The library always enables ports 7104 and 7105, but unless an Escalation user
exists, there are no valid users that can log in to the WebLogic console.
SNMP Ports
The library supports SNMP v3 protocol. The library uses ports 161
(inbound) and 162 (outbound) for SNMP GET commands and SNMP traps respectively.
E-mail Ports
The library uses port 25 for e-mail communication.
The library can send e-mail messages when certain events occur (see
Configure Email Notifications). If you configure e-mail destinations, you must
also configure an SMTP server and open port 25.
DNS Ports
DNS uses port 53.
DNS configuration is optional. You only need to configure DNS if
destinations use host names (destination include SNMP, E-mail, Outbound SCI). You
can add up to three DNS servers (see Launch the Configuration Wizard).
NTP Ports
The library uses port 123 for NTP.
The library can use an external NTP server to control the library clock
(see Configure Time Settings). If using an external NTP server, you must open
port 123.
Oracle Key Manager (OKM)
Ports
See the OKM documentation for details on which port numbers to use.
You can connect an OKM cluster to the library’s OKM interface. You
select the interface during network configuration of the library (see Launch the Configuration Wizard). Unlike legacy tape libraries, the SL4000 only requires a single
connection to OKM, rather than individual connections to each encrypted tape drive.
You must open the ports used by OKM appliance on the selected connection.