The following ports should be opened:
Port Number |
Protocol |
Purpose |
Details |
---|---|---|---|
80 |
TCP |
HTTP Access to CC-SG |
Not encrypted. |
443 |
TCP |
HTTPS (SSL) Access to CC-SG and Node Access to Dominion KXII-connected nodes in Direct Mode |
SSL/AES-128/AES-256 encrypted. |
8080 |
TCP |
CC-SG to PC Client |
SSL/AES-128/AES-256 encrypted if configured. |
2400 |
TCP |
Node Access (Proxy Mode) |
This port must be opened per Raritan device that will be externally accessed. The other ports in the table must be opened only for accessing CC-SG. Encrypted only for Dominion KX II devices, release 2.1.10 or higher, if encryption is set in the device |
5000 |
TCP |
Node Access (Direct Mode) |
This port must be opened per Raritan device that will be externally accessed. The other ports in the table must be opened only for accessing CC-SG. AES-128/AES-256 encrypted if configured. |
80 and 443 for Control System nodes 80, 443, 902, and 903 for Virtual Host and Virtual Machine Nodes |
TCP |
Virtual Node Access |
N/A |
51000 |
TCP |
SX Target Access (Direct Mode) |
AES-128/AES-256 encrypted if configured. |
Port 80 can be closed if all access to the CC-SG is via HTTPS addresses.
Ports 5000 and 51000 can be closed if CC-SG Proxy mode is used for connections from the firewall.