Skip to main content

Protocol and port security

Contributors netapp-aherbin netapp-dbagwell
PDFs

In addition to performing on-box security operations and functions, the hardening of a solution must also include off-box security mechanisms. Leveraging additional infrastructure devices, such as firewalls, intrusion prevention systems (IPSs), and other security devices, for filtering and limiting access to ONTAP is an effective way to establish and maintain a stringent security posture. This information is a key component for filtering and limiting access to the environment and its resources.

Commonly used protocols and ports

Service Port/Protocol Description

SSH

22/TCP

SSH login

telnet

23/TCP

Remote login

Domain

53/TCP

Domain Name Server

HTTP

80/TCP

80/UDP

HTTP

rpcbind

111/TCP
111/UDP

Remote procedure call

NTP

123/UDP

Network Time Protocol

msrpc

135/UDP

Microsoft Remote Procedure Call

Netbios-name

137/TCP
137/UDP

NetBIOS name service

netbios-ssn

139/TCP

NetBIOS service session

SNMP

161/UDP

SNMP

HTTPS

443/TCP

Secure link:http

microsoft-ds

445/TCP

Microsoft directory services

IPsec

500/UDP

Internet Protocol Security

mount

635/UDP

NFS mount

named

953/UDP

Name daemon

NFS

2049/UDP
2049/TCP

NFS server daemon

nrv

2050/TCP

NetApp remote volume protocol

iscsi

3260/TCP

iSCSI target port

Lockd

4045/TCP
4045/UDP

NFS lock daemon

NFS

4046/TCP

NFS mountd protocol

acp-proto

4046/UDP

Accounting protocol

rquotad

4049/UDP

NFS rquotad protocol

krb524

4444/UDP

Kerberos 524

IPsec

4500/UDP

Internet Protocol Security

acp

5125/UDP
5133/UDP
5144/TCP

Alternate control port for disk

Mdns

5353/UDP

Multicast DNS

HTTPS

5986/UDP

HTTPS port: listening binary protocol

TELNET

8023/TCP

Node-scope Telnet

HTTPS

8443/TCP

7MTT GUI tool through link:httpS

RSH

8514/TCP

Node-scope RSH

KMIP

9877/TCP

KMIP client port (internal local host only)

ndmp

10000/TCP

NDMP

cifs witness port

40001/TCP

CIFS witness port

TLS

50000/TCP

Transport layer security

Iscsi

65200/TCP

iSCSI port

SSH

65502/TCP

Secure Shell

vsun

65503/TCP

vsun

NetApp internal ports

Port/Protocol Description

900

NetApp cluster RPC

902

NetApp cluster RPC

904

NetApp cluster RPC

905

NetApp cluster RPC

910

NetApp cluster RPC

911

NetApp cluster RPC

913

NetApp cluster RPC

914

NetApp cluster RPC

915

NetApp cluster RPC

918

NetApp cluster RPC

920

NetApp cluster RPC

921

NetApp cluster RPC

924

NetApp cluster RPC

925

NetApp cluster RPC

927

NetApp cluster RPC

928

NetApp cluster RPC

929

NetApp cluster RPC

931

NetApp cluster RPC

932

NetApp cluster RPC

933

NetApp cluster RPC

934

NetApp cluster RPC

935

NetApp cluster RPC

936

NetApp cluster RPC

937

NetApp cluster RPC

939

NetApp cluster RPC

940

NetApp cluster RPC

951

NetApp cluster RPC

954

NetApp cluster RPC

955

NetApp cluster RPC

956

NetApp cluster RPC

958

NetApp cluster RPC

961

NetApp cluster RPC

963

NetApp cluster RPC

964

NetApp cluster RPC

966

NetApp cluster RPC

967

NetApp cluster RPC

7810

NetApp cluster RPC

7811

NetApp cluster RPC

7812

NetApp cluster RPC

7813

NetApp cluster RPC

7814

NetApp cluster RPC

7815

NetApp cluster RPC

7816

NetApp cluster RPC

7817

NetApp cluster RPC

7818

NetApp cluster RPC

7819

NetApp cluster RPC

7820

NetApp cluster RPC

7821

NetApp cluster RPC

7822

NetApp cluster RPC

7823

NetApp cluster RPC

7824

NetApp cluster RPC