Dell EMC Unity firewall Ports for user access, management and replication

I have listed the Dell EMC Unity firewall ports for user access, management and replication. Recently, I got a task to set up async replication between Dell Unity arrays. The replication interfaces were in the green zone, but the management interfaces were behind the firewall.


I was wondering which ports would be required to make the replication connection work across the firewall. I exported this list from the Dell support site and categorized it to help someone like me in the same situation.

Depending on your needs, you can open these ports on the firewall and set up management or replication across Unity arrays.

Ports required for Unity Administration

| Port | Protocol | Service | Comments | Usage | Applicable to |
|---|---|---|---|---|---|
| 80 | TCP | HTTP | Used for HTTPS management traffic by Management IP WebUI. Authentication based on local CS users. | Administration (occasional) | Management IP |
| 123 | TCP/UDP | NTP | Network Time Protocol | Administration (occasional) | Management IP / NAS Server |
| 443 | TCP | HTTPS | Used for HTTPS management traffic by Management IP WebUI. Authentication based on local CS users. | Administration (occasional) | Management IP |
| 4658 | TCP | PAX | Portable Archive Interchange (PAX) service is used for tape backup functionality | Administration (frequent) | NAS Server |
| 8000 | TCP | HTTP | Used for HTTPS management traffic by Management IP WebUI. Authentication based on local CS users. | Administration (occasional) | Management IP |
| 8443 | TCP | HTTPS | Used for HTTPS management traffic by Management IP WebUI. Authentication based on local CS users. | Administration (occasional) | Management IP |
| 9443 | TCP | HTTPS | Used for HTTPS management traffic by Management IP WebUI. Authentication based on local CS users. | Administration (occasional) | Management IP |

Ports required for Dell Unity End-user access

| Port | Protocol | Service | Comments | Usage | Applicable to |
|---|---|---|---|---|---|
| 53 | TCP/UDP | DNS | Domain Name Services | Administration (occasional), End User Access (frequent) | Management IP / NAS Server |
| 88 | TCP/UDP | Kerberos Ticket | Active Directory | Administration (occasional), End User Access (frequent) | Management IP / NAS Server |
| 135 | TCP | rcpbind | iSCSI | End User Access (frequent) | Management IP / NAS Server |
| 137 | UDP | NETBIOS Name Service | Needed for CIFS. | End User Access (frequent) | NAS Server |
| 138 | UDP | NETBIOS Datagram Service | Needed for CIFS / iSCSI | End User Access (frequent) | Management IP / NAS Server |
| 139 | TCP | NETBIOS Session Service | Needed for CIFS. | End User Access (frequent) | NAS Server |
| 389 | TCP/UDP | LDAP | Needed for NFSV4 / CIFS. | End User Access (frequent) | Management IP / NAS Server |
| 445 | TCP | Microsoft-DS | SMB/CIFS | End User Access (frequent) | Management IP / NAS Server |
| 464 | TCP/UDP | Kerberos Password | SMB/CIFS | End User Access (frequent) | Management IP / NAS Server |
| 1234 | TCP/UDP | mount | Needed for NFS. | End User Access (frequent) | NAS Server |
| 2049 | TCP/UDP | NFS | Needed for NFS. | End User Access (frequent) | NAS Server |
| 3260 | TCP | iSCSI | iSCSI Software Target Service. | End User Access (frequent) | Management IP |
| 3268 | UDP | LDAP | Needed for NFSV4 / CIFS. | End User Access (frequent) | Management IP / NAS Server |

Dell Unity service notification ports

| Port | Protocol | Service | Comments | Usage | Applicable to |
|---|---|---|---|---|---|
| 25 | TCP | SMTP | Simple Mail Transfer Protocol | Service Notification (frequent) | Management IP / NAS Server |
| 162 | TCP | SNMP2 | Simple Network Management Protocol | Service Notification (frequent) | Management IP / NAS Server |
| 199 | UDP | SNMP2 | Simple Network Management Protocol | Service Notification (frequent) | Management IP / NAS Server |

Dell Unity System functionality ports

| Port | Protocol | Service | Comments | Usage | Applicable to |
|---|---|---|---|---|---|
| 5080 | TCP | HTTP | HTTP is used as a transport medium for Filemover (ILM policy engine to DM; HTTP digest authentication) | System Functionality (frequent) | Management IP |
| 5085 | TCP | RCP | Used by A-sync replication as Destination Control Port. | System Functionality (frequent) | NAS Server |
| 10000 | TCP | NDMP | Network Data Management Protocol. Can be disabled if NDMP tape backup is not implemented. Authenticated service. | System Functionality (frequent) | NAS Server |
| 32768 | TCP/UDP | statd | Dynamically allocated. | System Functionality (frequent) | Management IP / NAS Server |
| 39494 | TCP/UDP | lockd | Dynamically allocated. | System Functionality (frequent) | Management IP / NAS Server |
| 49152 - 65335 | TCP/UDP | statd, rquotad, lockd, MAC, NFS client, NIS server | Dynamic/Private | System Functionality (frequent) | Management IP / NAS Server |

Dell Unity Async and Sync Replication ports

Async replication ports on Unity

| Interface | Protocol | Port |
|---|---|---|
| Unisphere mgmt IP | TCP | 443 |
| Replication | TCP | 5085 |
| Replication | TCP | 8888 |

Sync replication ports on Unity

| Interface | Protocol | Port |
|---|---|---|
| Unisphere mgmt IP | TCP | 443 |
| Replication | TCP | 5085 |

It's not advisable to keep replication interfaces behind a firewall. If only your Unity management IPs are behind a firewall, you can ask your firewall team to open TCP port 443 bidirectionally, so that each array can discover the Unity array at the other site and establish the replication connection. Make sure your replication interfaces are in the green zone.
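Before raising the firewall request, it helps to list exactly which flows are needed and compare them with the rules already in place. The following is an added example, not part of the original post or any Dell tool: it builds the required flows from the replication tables above and reports the ones no allow rule covers. The site dictionaries, rule format and IP addresses are constructed for illustration, and treating the replication ports as bidirectional when those interfaces are firewalled is an assumption.

```python
import ipaddress
from itertools import permutations

# TCP ports from the async/sync replication tables on this page.
REPLICATION_PORTS = {
    "async": {"mgmt": (443,), "replication": (5085, 8888)},
    "sync": {"mgmt": (443,), "replication": (5085,)},
}

def required_flows(mode, site_a, site_b, firewalled=("mgmt",)):
    """Flows (src, dst, proto, port) the firewall must pass, in both directions.

    Only interface roles listed in `firewalled` are included; the default
    matches the scenario above (management IPs behind the firewall only).
    Bidirectional replication-port flows are an assumption of this example.
    """
    flows = set()
    for src, dst in permutations((site_a, site_b), 2):
        for role in firewalled:
            for s in src[role]:
                for d in dst[role]:
                    for port in REPLICATION_PORTS[mode][role]:
                        flows.add((s, d, "tcp", port))
    return flows

def rule_allows(rule, flow):
    """True if one allow rule (CIDR src/dst, proto, port range) covers the flow."""
    src, dst, proto, port = flow
    low, high = rule["ports"]
    return (rule["proto"] == proto and low <= port <= high
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"]))

def missing_flows(flows, rules):
    """Required flows that no allow rule covers, sorted for stable output."""
    return sorted(f for f in flows if not any(rule_allows(r, f) for r in rules))

# Constructed sample data (documentation address ranges, not real arrays).
SITE_A = {"mgmt": ["192.0.2.10"], "replication": ["198.51.100.11", "198.51.100.12"]}
SITE_B = {"mgmt": ["203.0.113.10"], "replication": ["198.51.100.21"]}
# Constructed rule export: 443 was opened in one direction only.
RULES = [
    {"src": "192.0.2.0/24", "dst": "203.0.113.10/32", "proto": "tcp", "ports": (443, 443)},
]

if __name__ == "__main__":
    needed = required_flows("async", SITE_A, SITE_B)
    for src, dst, proto, port in missing_flows(needed, RULES):
        print(f"MISSING allow {proto}/{port} {src} -> {dst}")
```

With the sample rules, the only gap reported is the return direction on TCP 443, which is the half of a "bidirectional" request that is most often left out.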

Dell Unity troubleshooting ports

| Port | Protocol | Service | Comments | Usage | Applicable to |
|---|---|---|---|---|---|
| 20 | TCP | FTP | FTP data transfer port. Close port by disabling FTP. | Troubleshooting (frequent), End User Access (infrequent) | Management IP / NAS Server |
| 21 | TCP | FTP | FTP control port. FTP listens on this port for incoming requests. Disable via netd file. | Troubleshooting (frequent), End User Access (infrequent) | Management IP / NAS Server |
| 22 | TCP | SSH | Remote access to system | Troubleshooting (frequent) | Management IP |

Conclusion

The above list covers approximately all Dell EMC Unity firewall ports with functionality details. Let me know in the comments if you find a port that is missing or should be included.

See you soon in some other helpful post.
