Appendix B: CC-SG and Network Configuration, Introduction, Executive Summary – Raritan Computer CC-SG User Manual


Appendix B: CC-SG and Network Configuration

Introduction

This appendix lists the network requirements (addresses, protocols, and ports) of a typical
CC-SG deployment. It explains how to configure your network for both external access (if desired)
and internal security and routing policy enforcement (if used). The details are intended for a
TCP/IP network administrator, whose role and responsibilities may extend beyond those of a CC-SG
administrator and who may wish to incorporate CC-SG and its components into a site's security
access and routing policies.

As depicted in the diagram below, a typical CC-SG deployment may have none, some, or all of
the features shown, such as a firewall or a Virtual Private Network (VPN). The tables that follow
list the protocols and ports needed by CC-SG and its associated components. Understanding them is
essential if firewalls or VPNs are present in your network and access and security policies are
to be enforced by the network.

Executive Summary

The sections below provide a complete analysis of the communications and port usage of CC-SG
and its associated components. Customers who only want to know which ports to open on a firewall
to allow access to CC-SG and the targets that it controls should open the following ports:

| Port Number | Protocol | Purpose                                   |
|-------------|----------|-------------------------------------------|
| 80          | TCP      | HTTP Access to CC-SG                      |
| 443         | TCP      | HTTPS (SSL) Access to CC-SG               |
| 8080        | TCP      | CC-SG <-> PC Client                       |
| 2400        | TCP      | Node Access (Proxy Mode & In-Band Access) |
| 5000¹       | TCP      | Node Access (Direct Mode)                 |
| 51000¹      | TCP      | SX Target Access (Direct Mode)            |

This list can be further trimmed:
• Port 80 can be dropped if all access to the CC-SG is via HTTPS addresses.
• Ports 5000 and 51000 can be dropped if CC-SG Proxy mode is used for any connections from
  the firewall(s).

Thus, a minimum configuration only requires three (3) ports [443, 8080, and 2400] to be opened
to allow external access to CC-SG.

In the sections below, the details about these access methods and ports are provided along with
configuration controls and options.

¹ These ports need to be opened per Raritan device that will be externally accessed. The other
ports in the table need to be opened only for accessing CC-SG.
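
The following Python script, added here and not part of the Raritan manual, audits a firewall allow-list against the port table, the trimming rules, and the per-device footnote above. The addresses, the (destination, port) rule format, and the function names are assumptions made for illustration.

```python
# Added example: audit an external firewall allow-list against the
# Executive Summary port table. Rule format and addresses are constructed.

# Ports opened only toward the CC-SG unit itself.
CCSG_PORTS = {80: "HTTP access", 443: "HTTPS (SSL) access",
              8080: "CC-SG <-> PC Client",
              2400: "Node access (Proxy Mode & In-Band Access)"}
# Footnote 1: opened per Raritan device that is accessed externally.
DEVICE_PORTS = {5000: "Node access (Direct Mode)",
                51000: "SX target access (Direct Mode)"}


def required_rules(ccsg, devices, https_only=False, proxy_mode=False):
    """Return the set of (dest_ip, tcp_port) pairs that must be open."""
    # Port 80 is dropped when all access to CC-SG is via HTTPS.
    rules = {(ccsg, p) for p in CCSG_PORTS if not (https_only and p == 80)}
    # Ports 5000 and 51000 are dropped when Proxy mode is used.
    if not proxy_mode:
        rules |= {(d, p) for d in devices for p in DEVICE_PORTS}
    return rules


def audit(allowed, ccsg, devices, **mode):
    """Compare an allow-list with the required set.

    Returns (missing, excess): rules that still have to be added, and rules
    that are open although the chosen mode does not need them.
    """
    need = required_rules(ccsg, devices, **mode)
    allowed = set(allowed)
    return sorted(need - allowed), sorted(allowed - need)


if __name__ == "__main__":
    CCSG = "192.0.2.10"                        # constructed (TEST-NET-1)
    DEVICES = ["192.0.2.21", "192.0.2.22"]     # constructed
    allowed = [(CCSG, 80), (CCSG, 443), (CCSG, 8080),
               (DEVICES[0], 5000), (DEVICES[0], 51000)]
    missing, excess = audit(allowed, CCSG, DEVICES,
                            https_only=True, proxy_mode=True)
    for dest, port in missing:
        print(f"MISSING allow tcp {dest}:{port}")
    for dest, port in excess:
        print(f"EXCESS  allow tcp {dest}:{port}")
```

Rules reported as EXCESS are candidates for removal from the firewall; rules reported as MISSING will block the corresponding access method until they are added.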
