What firewall ports are used by Unitrends Support to support your Appliance or UEB, Client to Appliance communications, Source to Target replication, and internal management of your Appliance/UEB?

SUMMARY

What firewall ports are used by Unitrends Support to support your Appliance or UEB, Client to Appliance communications, Source to Target replication, and internal management of your Appliance/UEB?

ISSUE

Purpose

The purpose of this article is to answer the question - What firewall ports are used by Unitrends Support to support your Appliance or UEB, Client to Appliance communications, Source to Target replication, and internal management of your Appliance/UEB?

Description

Below are a list of Ports, Protocols, and Reason to have that allowed within your environment.

Cause

Failure to allow these ports will mean loss of functionality which relies on that port.

Resolution

In general, Unitrends suggests that you have the manager / replication target be the OpenVPN server and that the managee / replication source be the OpenVPN client in the relationship before remote management is configured.  By doing so, only UDP port 1194 needs to be open in the firewall(s) between the two appliances for both directions.  This why all other traffic will be transferred via the OpenVPN tunnel. The items highlighted in RED are important and the minimum to ensure proper Unitrends support.

Port     Protocol - Reason

1         TCP - Only needed during setup
22        TCP - Vaulting only
111       TCP – Port mapping protocol used by the NFS service.
137       TCP – NetBIOS name service used this port to start sessions.
137       TCP – NetBIOS name service used this port to start sessions.
222       TCP – Secure Support Tunnel (Outbound Only is OK)
80        TCP - Replication only
443       TCP – SSL (Web Recovery Console)
1194      TCP+UDP – OpenVPN
1743      TCP - Unitrends control port(between the Unitrends system and its protected clients)
1745-1749 TCP - Unitrends data ports (between the Unitrends system and its protected clients)
 REPLICATION  - On both systems, be sure to set Settings>System, Updates, and Licensing>General Configuration [Advanced]>Configuration Options> data=1745
5432      TCP – PostgresSQL

 

The following Fully Qualified Domain Names need to be allowed for proper Support of your Appliance/UEB.

  FQDN     -
     Reason

tunnel.unitrends.comadd to allow/safe list this URL, as it is the Secure Support Tunnel Server.
update.ftp.unitrends.com – add to allow/safe list this URL, as it is the Unitrends Upgrade Server.
telemetry.unitrends.com - add to allow/safe list this URL, as it provides Elastic Stack (ELK) support.

Third-Party Sources

Please consult with the manufacturer of your Security solution for assistance with configuration and managment of ports, allow and deny rules.

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section