ONTAP ports overview
Several well-known ports are reserved for ONTAP communications with specific services. Port conflicts occur if a port value in your storage network environment is the same as the value on an ONTAP port.
Inbound traffic
Inbound traffic on your ONTAP storage uses the following protocols and ports:
Protocol |
Port |
Purpose |
---|---|---|
All ICMP |
All |
Pinging the instance |
TCP |
22 |
Secure shell access to the IP address of the cluster management LIF or a node management LIF |
TCP |
80 |
Web page access to the IP address of the cluster management LIF |
TCP/UDP |
111 |
RPCBIND, remote procedure call for NFS |
UDP |
123 |
NTP, network time protocol |
UDP |
135 |
MSRPC, Microsoft remote procedure call |
TCP |
139 |
NETBIOS-SSN, NetBIOS service session for CIFS |
TCP/UDP |
161-162 |
SNMP, simple network management protocol |
TCP |
443 |
Secure web page access to the IP address of the cluster management LIF |
TCP |
445 |
MS Active Domain Services, Microsoft SMB/CIFS over TCP with NetBIOS framing |
TCP/UDP |
635 |
NFS mount to interact with a remote file system as if it were local |
TCP |
749 |
Kerberos |
UDP |
953 |
Name daemon |
TCP/UDP |
2049 |
NFS server daemon |
TCP |
2050 |
NRV, NetApp remote volume protocol |
TCP |
3260 |
iSCSI access through the iSCSI data LIF |
TCP/UDP |
4045 |
NFS lock daemon |
TCP/UDP |
4046 |
Network status monitor for NFS |
UDP |
4049 |
NFS RPC Rquotad |
UDP |
4444 |
KRB524, Kerberos 524 |
UDP |
5353 |
Multicast DNS |
TCP |
10000 |
Backup using Network Data Management Protocol (NDMP) |
TCP |
11104 |
Cluster peering, bi-directional management of intercluster communication sessions for SnapMirror |
TCP |
11105 |
Cluster peering, bi-directional SnapMirror data transfer using intercluster LIFs |
Outbound traffic
Outbound traffic on your ONTAP storage can be set up using basic or advanced rules depending on business needs.
Basic outbound rules
All ports can be used for all outbound traffic over ICMP, TCP, and UDP protocols.
Protocol |
Port |
Purpose |
---|---|---|
All ICMP |
All |
All outbound traffic |
All TCP |
All |
All outbound traffic |
All UDP |
All |
All outbound traffic |
Advanced outbound rules
If you need rigid rules for outbound traffic, you can use the following information to open only those ports that are required for outbound communication by ONTAP.
Active Directory
Protocol |
Port |
Source |
Destination |
Purpose |
---|---|---|---|---|
TCP |
88 |
Node management LIF, data LIF (NFS, CIFS, iSCSI) |
Active Directory forest |
Kerberos V authentication |
UDP |
137 |
Node management LIF, data LIF (NFS, CIFS) |
Active Directory forest |
NetBIOS name service |
UDP |
138 |
Node management LIF, data LIF (NFS, CIFS) |
Active Directory forest |
NetBIOS datagram service |
TCP |
139 |
Node management LIF, data LIF (NFS, CIFS) |
Active Directory forest |
NetBIOS service session |
TCP |
389 |
Node management LIF, data LIF (NFS, CIFS) |
Active Directory forest |
LDAP |
UDP |
389 |
Node management LIF, data LIF (NFS, CIFS) |
Active Directory forest |
LDAP |
TCP |
445 |
Node management LIF, data LIF (NFS, CIFS) |
Active Directory forest |
Microsoft SMB/CIFS over TCP with NetBIOS framing |
TCP |
464 |
Node management LIF, data LIF (NFS, CIFS) |
Active Directory forest |
Change and set the Kerberos V password (SET_CHANGE) |
UDP |
464 |
Node management LIF, Data LIF (NFS, CIFS) |
Active Directory forest |
Kerberos key administration |
TCP |
749 |
Node management LIF, Data LIF (NFS, CIFS) |
Active Directory forest |
Change and set the Kerberos V password (RPCSEC_GSS) |
AutoSupport
Protocol |
Port |
Source |
Destination |
Purpose |
---|---|---|---|---|
TCP |
80 |
Node management LIF |
support.netapp.com |
AutoSupport (only if the transport protocol is changed from HTTPS to HTTP) |
SNMP
Protocol |
Port |
Source |
Destination |
Purpose |
---|---|---|---|---|
TCP/UDP |
162 |
Node management LIF |
Monitor server |
Monitoring by SNMP traps |
SnapMirror
Protocol |
Port |
Source |
Destination |
Purpose |
---|---|---|---|---|
TCP |
11104 |
Intercluster LIF |
ONTAP intercluster LIFs |
Management of intercluster communication sessions for SnapMirror |
Other services
Protocol |
Port |
Source |
Destination |
Purpose |
---|---|---|---|---|
TCP |
25 |
Node management LIF |
Mail server |
SMTP alerts, can be used for AutoSupport |
UDP |
53 |
Node management LIF and data LIF (NFS, CIFS) |
DNS |
DNS |
UDP |
67 |
Node management LIF |
DHCP |
DHCP server |
UDP |
68 |
Node management LIF |
DHCP |
DHCP client for first-time setup |
UDP |
514 |
Node management LIF |
Syslog server |
Syslog forward messages |
TCP |
5010 |
Intercluster LIF |
Backup endpoint or restore endpoint |
Back up and restore operations for the Backup to S3 feature |
TCP |
18600 to 18699 |
Node management LIF |
Destination servers |
NDMP copy |