Details about what support tunnels are and how to allow connections through a firewall.
What password is needed?
What ports need to be opened in my firewall in order to create a support tunnel?
Requirements for Remote Support
Please provide the Asset Tag for Unitrends System that we will be supporting along with confirmation of the Support Tunnel being started and SSH root user password. If you receive a 5 digit tunnel number after starting the Support Tunnel, it indicates that your system needs the iTivityagent update. Please follow the instructions in KB 4056 to download and install the latest code, they try open the Support Tunnel again.
We will be using the SSH user of root for our Support session (same user used to reboot the Unitrends system). If you have changed the default password, please provide to us a password we can use. If you do not recall the password or you need to change it, please follow the instructions in the KB 2392 titled "How to Reset the SSH Root Password."
How to Open the Secure Support Tunnel
Using the Web Administrative Interface
- In 9.x and newer systems (HTML5 Satori /ui/): Click the question mark (?) then click OPEN SUPPORT TUNNEL.
How do I open a tunnel for support from the command shell?
- Connect to the Unitrends System using an SSH Terminal program (e.g. PuTTY)
- Log in as the user root. By default, the password is unitrends1.
- Once at the command prompt, execute this command to start the Support Tunnel:
># dpu support
NOTE: If you receive a 5 digit tunnel number after starting the Support Tunnel, it indicates that your system needs the iTivity agent update. Please follow the instructions in KB 4056 to download and install the latest code.
Warning: Unitrends highly recommends against using any form of the string 'unitrend' in any password. Any password containing this phrase, in either the UI or OS, should be changed immediately. See also Password Reset: How to reset the root password of the Web Administrative Interface on your Unitrends system.
How to close the Support Tunnel
Repeating the process to open the tunnel, will close the tunnel, with confirmation.
In order to facilitate speedy resolution of issues that may arise on the Unitrends appliance there is a built in utility that you can start whereby the Unitrends Engineer can remotely access the DPU.
What is a support tunnel?
The Support Tunnel is a connection from a source appliance to a Unitrends hosted system that allows secure reverse tunneling to the unit itself for support and diagnostic purposes. All traffic through the Support Tunnel is encrypted for your protection. A support tunnel is open and accessible only once the feature has been manually activated it. It is an outgoing port only, and cannot be remotely initiated. It can be closed at any time.
The connection is through a server and communication is encrypted. All activity is logged normally no different from a user at the physical console or accessing the web UI. The tunnel does not provide subnet access to the local network directly, only to the appliance itself. Any actions a Unitrends Support takes through a tunnel will be with your express consent and under a trusted partner relationship.
The tunnel provides command line and UI access to the appliance over a temporary network link. It is the most efficient manner for a Unitrends Support Engineer to remotely diagnose, patch, or maintain a Unitrends physical or virtual appliance. Though most maintenance and support is convenient enough to complete through a Zoom Remote Support Session, many processes including disk management, database maintenance, replication diagnosis and monitoring, as well as working to find elusive issues are inconvenient or impossible to complete over a sustained Zoom Remote Support Session. Direct access to a unit provides Unitrends the opportunity to perform maintenance and advanced diagnostics including as necessary engaging senior engineers and developers while minimizing scheduling constrains and unnecessary desktop sharing sessions.
If security requirements prevent this type of access, the effort required and the resolution time may be negatively impacted.
What Ports are used for access?
For the most recent list of information, please see the article titled: "What Firewall Ports should be allowed from the Unitrends appliance through my firewall?"
Please allow the following servers to communicate with the Unitrends system. These servers allow Unitrends Support to help you diagnose, troubleshoot, and resolve most issues remotely:
- support-itivity.unitrends.com (220.127.116.11): This is the Primary Secure Tunnel Server. Port 80 is used for negotiation and Port 443 for all communication and traffic. It is an outgoing TCP port only.
- itivity-backup.unitrends.com (18.104.22.168): This is the Secondary Secure Tunnel Server, a backup/failover for support-itivity.unitrends.com. Port 80 is used for negotiation and Port 443 for all communication and traffic. It is an outgoing TCP port only.
- ICMP Traffic to repo.unitrends.com. This server also provides code updates to the Unitrends appliances via FTP (and PASV FTP).