Default Port Numbers

By default, the library uses certain port numbers. Configure your firewall it to
allow traffic to use these ports.

Enable the ports listed below on each of the network interfaces that are in use
(except for the OKM interface — you only need to enable the OKM ports on the network
interface used to connect to the OKM cluster).

Port

IP

Protocol

Description

Direction

22

TCP

SSH

SSH access to Linux running on library. Only enabled for
72 hours after an “Escalation” role service user is created.

To library

25

TCP

SMTP

Connection to external SMTP (Simple Mail Transfer
Protocol) server. Required if you have configured any e-mail
destinations.

From library

53

TCP & UDP

DNS

DNS (domain name server) lookup.

From library

80

TCP

HTTP

Default port for browser access.

To library

161

UDP

SNMP

Inbound GET requests using SNMP.

To library

162

UDP

SNMP

Outbound SNMP TRAPs.

From library

123

TCP

NTP

Connection from library to an external NTP server.

From library

443

TCP

HTTPS

Default port for browser and web services interfaces.

To library

7104

TCP

HTTP

Alternate port for browser access.

To library

7102

TCP

HTTPS

Alternate port for browser and web services
interfaces.

To library

7104

TCP

HTTP

Browser GUI based access to WebLogic console running on
the library. Only accessible by an “Escalation” user.

To library

7105

TCP

HTTPS

Browser GUI based access to WebLogic console running on
the library. Only accessible by an “Escalation” user.

To library

Externally Defined

TCP

HTTP & HTTPS

Servers that are configured to receive outbound SCI
calls will listen for SCI calls on ports of their choice. Open these
port number in any firewalls and provided the port numbers
configuring the destination on the library.

From library

Externally Defined

TCP

OKM

If the library is configured to retrieve tape drive
encryption keys from a OKM cluster, open the ports used for OKM (see
the OKM documentation).

From library

Browser and Web Services Interface
Ports

The GUI and SCI protocols use default ports that can be modified using the
configuration wizard.

The GUI can use both HTTP and HTTPS. The SCI protocol uses only HTTPS to
secure for the credentials passed in each request. By default, these two protocols
are on their standard port number of 80 for HTTP and 443 for HTTPS. You can modify
these ports in the GUI (see Launch the Configuration Wizard).

Service Access Ports

The library enables or disables service ports depending on if a Service user has been
created for the library.

Under normal library operations only customer-created users may log in to
the library However, the administrator can enable service access when necessary (see
Add a Service User). Creating a service user with an Escalation role enables access
to the library that is not normally allowed. Specifically, an Escalation user can
log in to Linux on the library using SSH on port 22 and can access the WebLogic
console function using port 7104 for HTTP or 7105 for HTTPS. Service users expire 72
hours after creation. The library disables port 22 if there are no enabled service
users. The library always enables ports 7104 and 7105, but unless an Escalation user
exists, there are no valid users that can log in to the WebLogic console.

SNMP Ports

The library supports SNMP v3 protocol. The library uses ports 161
(inbound) and 162 (outbound) for SNMP GET commands and SNMP traps respectively.

E-mail Ports

The library uses port 25 for e-mail communication.

The library can send e-mail messages when certain events occur (see
Configure Email Notifications). If you configure e-mail destinations, you must
also configure an SMTP server and open port 25.

DNS Ports

DNS uses port 53.

DNS configuration is optional. You only need to configure DNS if
destinations use host names (destination include SNMP, E-mail, Outbound SCI). You
can add up to three DNS servers (see Launch the Configuration Wizard).

NTP Ports

The library uses port 123 for NTP.

The library can use an external NTP server to control the library clock
(see Configure Time Settings). If using an external NTP server, you must open
port 123.

Oracle Key Manager (OKM)
Ports

See the OKM documentation for details on which port numbers to use.

You can connect an OKM cluster to the library’s OKM interface. You
select the interface during network configuration of the library (see Launch the Configuration Wizard). Unlike legacy tape libraries, the SL4000 only requires a single
connection to OKM, rather than individual connections to each encrypted tape drive.
You must open the ports used by OKM appliance on the selected connection.