ISSUE
By default, the security level on the system is set to No Security. This allows all ports to remain open. The administrator can choose the level of security desired on a particular system. Security levels can be set by selecting Configure > Network > Ports and are categorized as:
- None (Open All)
- Low Security
- Medium Security
- High Security
RESOLUTION
To gain access to the security Ports section:
/ui/#/: CONFIGURE > Appliances (tab, select the line item) > Network (tab, below) > Ports.
To Access the System Using Medium Security
When using medium security, access the Administrator Interface by entering the following for the browser address:
/ui/#/: https://<System_IP_address>/ui/#/
Access context-sensitive Help Guides by directing the browser to:
/ui/#/: https://<System_IP_address>/unitrendsmanuals/Default.htm
Answer yes to any warning messages received.
To access the system using high security
When high security is enabled, the system can only be accessed using a KVM or directly attached monitor, keyboard, and mouse for physical systems, or from the VM console for virtual systems. You have access to the system console only. There is no way to access the Administrator Interface to view functions (such as backups, archives, replication) or make changes to any system settings.
To Disable High Security
- Connect to the system console.
- For physical systems, connect using a KVM or directly attached monitor, keyboard, and mouse.
- For Unitrends Enterprise Backup for Hyper-V, launch Hyper-V Manager, select the Unitrends VM, and click Connect.
- For Unitrends Enterprise Backup for VMware, connect to the Unitrends VM using the VMware vSphere Client, VMware Player, or VMware Workstation.
- In the Console Interface, enter 3 in the Please enter choice field.
- On the Firewall Security Level screen, enter 1, 2, or 3 in the Please enter choice field to change security level to None, Low, or Medium.
CAUSE
Open Ports and Security Levels
The ports open for each security level are listed in the table below. Additionally, in the General Configuration section of the Settings interface (Settings > System, Updates, and Licensing > General Configuration > Configuration Options), there is a field named dataport_count. This field represents the number of TCP ports allowed to be opened for data transfer. This value includes the control value and four additional ports to determine the actual port numbers from which to select. When any level of security is enabled, the control value is 1745. The default number of additional ports added to 1745 is four. When configuring a firewall (using a security setting and a dataport count of five), ports 1745 through 1749 should be opened between the system and the clients the system protects.
NOTE: About replication and vaulting. Port 1 must be open during the initial configuration of replication or legacy vaulting. During replication or vaulting setup, if you configure a secure tunnel using OpenVPN (the recommended configuration), port 1194 is used for all communication between the source and target (or vault) systems. If you do not configure a secure tunnel using OpenVPN, ports 1743,1745 and 5432 are required for managing a system from the replication target or vault. Additionally, if you do not configure a secure tunnel using OpenVPN, port 80 is used for replication and port 22 for vaulting. The necessary ports must be open in the firewall for management of the system from the replication target or vault. For more details, see What firewall ports are necessary for a Unitrends appliance to manage or be a replication target of another appliance?.
Security Level | Ports Open | Usage |
---|---|---|
Low | 1 | Replication or legacy vaulting setup |
22 | Secure shell | |
80 | HTTP web access | |
139 | Samba share | |
161 | SNMP | |
443 | Secure HTTP web access | |
445 | CIFS | |
873 | Rsync | |
888 | Agent Pairing | |
1194 | OpenVPN* | |
1743 | Extended Internet daemon | |
1744 | Extended Internet daemon | |
1745 | Extended Internet daemon | |
1746 | Extended Internet daemon | |
1747 | Extended Internet daemon | |
1748 | Extended Internet daemon | |
1749 | Extended Internet daemon | |
2049 | Network file system | |
3260 | iSCSI | |
4970 | Postgres database access | |
5432 | Postgres database access | |
5801 | VNC (Java) access | |
5900 | VNC access | |
5902 | VNC access | |
6001 | VNC HTTP web access | |
10000 | NDMP |
Security Level | Ports Open | Usage |
Medium | 1 | Replication or legacy vaulting setup |
22 | Secure shell | |
139 | Samba share | |
443 | Secure HTTP web access | |
445 | CIFS | |
1194 | OpenVPN* | |
1743 | Extended Internet daemon | |
1745 | Extended Internet daemon | |
1746 | Extended Internet daemon | |
1747 | Extended Internet daemon | |
1748 | Extended Internet daemon | |
1749 | Extended Internet daemon | |
3260 | iSCSI | |
4970 | Postgres database access | |
5432 | Postgres database access | |
10000 | NDMP |
Security Level | Ports Open | Usage |
High | 1743 | Extended Internet daemon |
1745 | Extended Internet daemon | |
1746 | Extended Internet daemon | |
1747 | Extended Internet daemon | |
1748 | Extended Internet daemon | |
1749 | Extended Internet daemon |
Use of the High Port Security Level will prevent communications over OpenVPN port 1194. When using Unitrends Cloud, you must use the None (Open All) Port Security Level. Any other options will prevent communications between the Source and the Target Unitrends appliances. |
NOTE: OpenVPN by default transmits over UDP port 1194 unless dictated differently by your Unitrends Onboarding Engineer or Unitrends Cloud Operations.