Appendix b: cc-sg and network configuration, Introduction, Executive summary – Raritan Engineering Command Center CC-SG User Manual


Appendix B: CC-SG and Network Configuration

Introduction

This appendix lists the network requirements (addresses, protocols and ports) of a typical
CommandCenter Secure Gateway (CC-SG) deployment. It explains what you need to know and
how to configure your network for both external access (if desired) and internal security and
routing policy enforcement (if used). The details are provided for the benefit of a TCP/IP network
administrator, whose role and responsibilities may extend beyond those of a CC-SG administrator
and who may wish to incorporate CC-SG and its components into the site's security access and
routing policies.

As depicted in the diagram below (see Figure #1), a typical CC-SG deployment may have none,
some, or all of the features shown, for example, a firewall or a Virtual Private Network (VPN). The
tables that follow list the protocols and ports needed by CC-SG and its associated
components. Understanding them is essential, especially if firewalls or VPNs are present in your
network and access and security policies are to be enforced by the network.

Executive Summary

The sections below provide a complete and thorough analysis of the communications and port
usage of CC-SG and its associated components. Customers who just want to
know which ports to open on a firewall to allow access to CC-SG and the targets that it controls
should open the following ports:

| Port Number | Protocol | Purpose |
|---|---|---|
| 80 | TCP | HTTP Access to CC-SG |
| 443 | TCP | HTTPS (SSL) Access to CC-SG |
| 8080 | TCP | CC-SG <-> PC Client |
| 2400 | TCP | Target Access (Proxy Mode & In-Band Access) |
| 5000 [1] | TCP | Target Access (Direct Mode) |
| 51000 [1] | TCP | SX Target Access (Direct Mode) |


This list can be further trimmed:
• Port 80 can be dropped if all access to the CC-SG is via HTTPS addresses.
• Ports 5000 and 51000 can be dropped if CC-SG Proxy mode is used for any connections from the firewall(s).


Thus, a minimum configuration only requires three (3) ports [443, 8080, and 2400] to be opened
to allow external access to CC-SG.
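The trimming rules above, together with the per-device requirement in footnote 1, can be expressed as a firewall allow-list check. This is an added example, not part of the Raritan manual: the function names are hypothetical, the addresses are constructed (192.0.2.0/24 documentation range), and it assumes that in Direct mode an SX device needs only port 51000 and any other Raritan device only port 5000.

```python
# Added example: turn the Executive Summary port table into an allow-list audit.
# All TCP. Ports come from the table; IPs below are constructed (192.0.2.0/24).
CCSG_PORTS = {80, 443, 8080, 2400}         # opened toward CC-SG itself
DIRECT_PORT, SX_DIRECT_PORT = 5000, 51000  # opened per externally accessed device


def required_rules(ccsg_ip, devices=(), https_only=True, proxy_mode=True):
    """Return the set of (dest_ip, tcp_port) pairs the firewall must allow.

    devices: iterable of (device_ip, is_sx) for externally accessed devices.
    Assumption: in Direct mode an SX device needs 51000, any other device 5000.
    """
    ports = set(CCSG_PORTS)
    if https_only:
        ports.discard(80)               # all access is via HTTPS addresses
    rules = {(ccsg_ip, p) for p in ports}
    if not proxy_mode:                  # Direct mode: footnote 1 applies
        for ip, is_sx in devices:
            rules.add((ip, SX_DIRECT_PORT if is_sx else DIRECT_PORT))
    return rules


def audit(allowed, required):
    """Compare the firewall's current allow rules with the required set."""
    return {
        "excess": sorted(allowed - required),    # candidates to close
        "missing": sorted(required - allowed),   # would break access
    }


if __name__ == "__main__":
    ccsg = "192.0.2.10"
    current = {(ccsg, 80), (ccsg, 443), (ccsg, 8080), (ccsg, 2400),
               ("192.0.2.21", 5000)}    # constructed firewall export
    print(audit(current, required_rules(ccsg)))
```

With the defaults (HTTPS only, Proxy mode) the required set is the three-port minimum, so the constructed export above reports port 80 and the direct-mode rule as excess.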

In the sections below, the details about these access methods and ports are provided along with
configuration controls and options.

[1] These ports need to be opened per Raritan device that will be externally accessed. The other
ports in the table need to be opened only for accessing CC-SG.
