Skip to main content

External communications

Contributors netapp-pcarriga netapp-lhalbert netapp-maireadn

Clients need to communicate with grid nodes to ingest and retrieve content. The ports used depends on the object storage protocols chosen. These ports need to be accessible to the client.

Restricted access to ports

If enterprise networking policies restrict access to any of the ports, you can do one of the following:

Ports used for external communications

The following table shows the ports used for traffic into the nodes.

Note This list does not include ports that might be configured as load balancer endpoints.
Port TCP or UDP Protocol From To Details

22

TCP

SSH

Service laptop

All nodes

SSH or console access is required for procedures with console steps. Optionally, you can use port 2022 instead of 22.

25

TCP

SMTP

Admin Nodes

Email server

Used for alerts and email-based AutoSupport. You can override the default port setting of 25 using the Email Servers page.

53

TCP/ UDP

DNS

All nodes

DNS servers

Used for DNS.

67

UDP

DHCP

All nodes

DHCP service

Optionally used to support DHCP-based network configuration. The dhclient service does not run for statically-configured grids.

68

UDP

DHCP

DHCP service

All nodes

Optionally used to support DHCP-based network configuration. The dhclient service does not run for grids that use static IP addresses.

80

TCP

HTTP

Browser

Admin Nodes

Port 80 redirects to port 443 for the Admin Node user interface.

80

TCP

HTTP

Browser

Appliances

Port 80 redirects to port 8443 for the StorageGRID Appliance Installer.

80

TCP

HTTP

Storage Nodes with ADC

AWS

Used for platform services messages sent to AWS or other external services that use HTTP. Tenants can override the default HTTP port setting of 80 when creating an endpoint.

80

TCP

HTTP

Storage Nodes

AWS

Cloud Storage Pools requests sent to AWS targets that use HTTP. Grid administrators can override the default HTTP port setting of 80 when configuring a Cloud Storage Pool.

111

TCP/ UDP

RPCBind

NFS client

Admin Nodes

Used by NFS-based audit export (portmap).

Note: This port is required only if NFS-based audit export is enabled.

Note: Support for NFS has been deprecated and will be removed in a future release.

123

UDP

NTP

Primary NTP nodes

External NTP

Network time protocol service. Nodes selected as primary NTP sources also synchronize clock times with the external NTP time sources.

161

TCP/ UDP

SNMP

SNMP client

All nodes

Used for SNMP polling. All nodes provide basic information; Admin Nodes also provide alert data. Defaults to UDP port 161 when configured.

Note: This port is only required, and is only opened on the node firewall if SNMP is configured. If you plan to use SNMP, you can configure alternate ports.

Note: For information about using SNMP with StorageGRID, contact your NetApp account representative.

162

TCP/ UDP

SNMP Notifications

All nodes

Notification destinations

Outbound SNMP notifications and traps default to UDP port 162.

Note: This port is only required if SNMP is enabled and notification destinations are configured. If you plan to use SNMP, you can configure alternate ports.

Note: For information about using SNMP with StorageGRID, contact your NetApp account representative.

389

TCP/ UDP

LDAP

Storage Nodes with ADC

Active Directory/LDAP

Used for connecting to an Active Directory or LDAP server for Identity Federation.

443

TCP

HTTPS

Browser

Admin Nodes

Used by web browsers and management API clients for accessing the Grid Manager and Tenant Manager.

Note: If you close Grid Manager ports 443 or 8443, any users currently connected on a blocked port, including you, will lose access to Grid Manager unless their IP address has been added to the Privileged address list. See Configure firewall controls to configure privileged IP addresses.

443

TCP

HTTPS

Admin Nodes

Active Directory

Used by Admin Nodes connecting to Active Directory if single sign-on (SSO) is enabled.

443

TCP

HTTPS

Storage Nodes with ADC

AWS

Used for platform services messages sent to AWS or other external services that use HTTPS. Tenants can override the default HTTP port setting of 443 when creating an endpoint.

443

TCP

HTTPS

Storage Nodes

AWS

Cloud Storage Pools requests sent to AWS targets that use HTTPS. Grid administrators can override the default HTTPS port setting of 443 when configuring a Cloud Storage Pool.

903

TCP

NFS

NFS client

Admin Nodes

Used by NFS-based audit export (rpc.mountd).

Note: This port is required only if NFS-based audit export is enabled.

Note: Support for NFS has been deprecated and will be removed in a future release.

2022

TCP

SSH

Service laptop

All nodes

SSH or console access is required for procedures with console steps. Optionally, you can use port 22 instead of 2022.

2049

TCP

NFS

NFS client

Admin Nodes

Used by NFS-based audit export (nfs).

Note: This port is required only if NFS-based audit export is enabled.

Note: Support for NFS has been deprecated and will be removed in a future release.

5353

UDP

mDNS

All nodes

All nodes

Provides the multicast DNS (mDNS) service that is used for full-grid IP changes and for primary Admin Node discovery during installation, expansion, and recovery.

5696

TCP

KMIP

Appliance

KMS

Key Management Interoperability Protocol (KMIP) external traffic from appliances configured for node encryption to the Key Management Server (KMS), unless a different port is specified on the KMS configuration page of the StorageGRID Appliance Installer.

8022

TCP

SSH

Service laptop

All nodes

SSH on port 8022 grants access to the base operating system on appliance and virtual node platforms for support and troubleshooting. This port is not used for Linux-based (bare metal) nodes and is not required to be accessible between grid nodes or during normal operations.

8443

TCP

HTTPS

Browser

Admin Nodes

Optional. Used by web browsers and management API clients for accessing the Grid Manager. Can be used to separate Grid Manager and Tenant Manager communications.

Note: If you close Grid Manager ports 443 or 8443, any users currently connected on a blocked port, including you, will lose access to Grid Manager unless their IP address has been added to the Privileged address list. See Configure firewall controls to configure privileged IP addresses.

9022

TCP

SSH

Service laptop

Appliances

Grants access to StorageGRID appliances in pre-configuration mode for support and troubleshooting. This port is not required to be accessible between grid nodes or during normal operations.

9091

TCP

HTTPS

External Grafana service

Admin Nodes

Used by external Grafana services for secure access to the StorageGRID Prometheus service.

Note: This port is required only if certificate-based Prometheus access is enabled.

9092

TCP

Kafka

Storage Nodes with ADC

Kafka cluster

Used for platform services messages sent to a Kafka cluster. Tenants can override the default Kafka port setting of 9092 when creating an endpoint.

9443

TCP

HTTPS

Browser

Admin Nodes

Optional. Used by web browsers and management API clients for accessing the Tenant Manager. Can be used to separate Grid Manager and Tenant Manager communications.

18082

TCP

HTTPS

S3 clients

Storage Nodes

S3 client traffic directly to Storage Nodes (HTTPS).

18083

TCP

HTTPS

Swift clients

Storage Nodes

Swift client traffic directly to Storage Nodes (HTTPS).

18084

TCP

HTTP

S3 clients

Storage Nodes

S3 client traffic directly to Storage Nodes (HTTP).

18085

TCP

HTTP

Swift clients

Storage Nodes

Swift client traffic directly to Storage Nodes (HTTP).

23000-23999

TCP

HTTPS

All nodes on the source grid for cross-grid replication

Admin Nodes and Gateway Nodes on the destination grid for cross-grid replication

This range of ports is reserved for grid federation connections. Both grids in a given connection use the same port.