Open Network Port Requirements

By default, the following ports are open to allow BrickStor SP to take advantage of various features and functionality. The following table lists these ports.

Table 1. BrickStor SP Open Network Port Requirements

| Ports | Description/Service | Protocol | Direction | This port is open to/Purpose |
|---|---|---|---|---|
| 22 | SSH | TCP | bidirectional | Receive Management and Replication data |
| 22, 8444, 8544 | TCP Replication | TCP | outbound | Send Replication |
| 25, 587 | mail | TCP | outbound | send notification emails |
| 53 | DNS | UDP | bidirectional | Domain name Service |
| 88 | Kerberos | UDP | outbound | Authentication |
| 111 | NFS/rpc | TCP/UDP | bidirectional | NFS client access |
| 123 | NTP | UDP | bidirectional | Time synchronization |
| 139, 445 | SMB | TCP/UDP | inbound | SMB/CIFS client access |
| 161 | SNMP | UDP | bidirectional | Monitoring with SNMP |
| 162 | SNMP traps | UDP | outbound | Sending alerts to SNMP stations |
| 389, 636 | LDAP | TCP/UDP | outbound | Access to directory service servers |
| 443 | HTTPS | TCP | outbound | Call Home for Software Updates (https://myracktop.com) |
| 443 | HTTPS | TCP | inbound | RMM/iLO Out of Band Management |
| 443 | hiavd | TCP | outbound | High Availability Windows Witness |
| 514 | syslog | TCP/UDP | outbound | Logging |
| 623 | RMCP | TCP/UDP | inbound | HA Power/IPMI access |
| 2049 | NFS/portmap | TCP/UDP | inbound | NFS client access |
| 2379, 2380 | confd | TCP | inbound | Configuration database |
| 3205, 3260 | iSCSI | TCP | inbound | iSCSI client/initiator access |
| 4045 | NFS/lockmgr | TCP/UDP | inbound | NFS client access |
| 4746 | hiavd | TCP | bidirectional | High Availability (between HA nodes) |
| 5696, 8445 | KMIP | TCP | outbound | Access to key management server |
| 5697 | keymgrd | TCP | bidirectional | Key replication/sync |
| 5699 | bsrlicensed | TCP | bidirectional | HA license check |
| 8000 | hubd | TCP | inbound | Allows external appliances to connect to hub local (TLS) |
| 8086, 8088 | influxdb | TCP | inbound | Used for BrickStor SP Manager (charts) |
| 8123 | hubd | TCP | inbound | Web access to hub local admin interface (HTTPS) |
| 80, 443, 8443 | bsrapid | TCP | inbound | Used for BrickStor SP Manager (http/https) |

ICMP echo (Ping) is required between all HA nodes, including the Witness.
Port 4746 for hiavd relates to the first instance of hiavd. The Nth instance of hiavd uses port 4745+N. For example, the second instance of hiavd on the same witness host listens on port 4747, so inbound TCP port 4747 must be allowed on the witness host's firewall. The same logic is used for confd.
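The following added example (not RackTop code) compares a host's observed TCP listeners against the inbound and bidirectional TCP ports in Table 1, including the 4745+N rule for extra hiavd instances. The `proto address:port` input format, the function names and the sample lines are assumptions made for illustration; the confd offset is not modelled because the page gives no port numbers for it.

```python
"""Compare observed TCP listeners with the inbound/bidirectional TCP ports in Table 1."""

# TCP ports listed as inbound or bidirectional in Table 1 (hiavd handled below).
TABLE1_TCP_LISTEN = {
    22, 80, 111, 139, 443, 445, 623, 2049, 2379, 2380, 3205, 3260,
    4045, 5697, 5699, 8000, 8086, 8088, 8123, 8443,
}
HIAVD_BASE = 4745  # the Nth hiavd instance uses port 4745+N


def expected_tcp_ports(hiavd_instances=1):
    """Documented TCP listeners plus one hiavd port per instance."""
    if hiavd_instances < 0:
        raise ValueError("hiavd_instances must not be negative")
    return TABLE1_TCP_LISTEN | {HIAVD_BASE + n for n in range(1, hiavd_instances + 1)}


def parse_listeners(text):
    """Parse 'proto address:port' lines (assumed format) into a set of TCP ports."""
    ports = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2 or fields[0].lower() != "tcp":
            continue  # skip blank lines, malformed lines and UDP entries
        port = fields[1].rsplit(":", 1)[-1]  # rsplit also copes with [::]:8443
        if port.isdigit() and 0 < int(port) <= 65535:
            ports.add(int(port))
    return ports


def audit(text, hiavd_instances=1):
    """Return (undocumented, not_listening) as sorted lists of TCP ports."""
    seen = parse_listeners(text)
    expected = expected_tcp_ports(hiavd_instances)
    return sorted(seen - expected), sorted(expected - seen)


# Constructed sample input, not output captured from a real system.
SAMPLE = """\
tcp 0.0.0.0:22
tcp 0.0.0.0:4746
tcp 0.0.0.0:4747
tcp [::]:8443
tcp 0.0.0.0:9090
udp 0.0.0.0:123
"""

if __name__ == "__main__":
    print("undocumented, not listening:", audit(SAMPLE, hiavd_instances=2))
```

The first list is the one to investigate: a listener that Table 1 does not account for. The second list is informational, since a given host will not run every service in the table.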