For a ports diagram, see CTERA Portal Ports Diagram
Inbound Ports
| Port | Protocol | Notes |
|---|---|---|
| 22 | TCP | SSH. CTERA recommends limiting SSH access to specific IP addresses that may require access to the CTERA application servers, for example to perform scheduled maintenance and support related work. |
| 53 | UDP | DNS resolution server (If portal internal DNS server is registered in DNS) |
| 80 | TCP | HTTP (redirects to port 443) |
| 443 | TCP | HTTPS |
| 995 | TCP | CTTP protocol communications with CTERA Edge Filers and agents. For details about CTTP, see What is the CTTP Transport Protocol |
| 8443 | TCP | Communications with CTERA Edge Filers for log collection |
Outbound Ports
| Port | Protocol | Notes |
|---|---|---|
| 25 | TCP | Default SMTP port. This port can be configured on the SMTP server and specified in the portal Web interface |
| 80 | TCP | HTTP |
| 88 | TCP & UDP | If Kerberos is used |
| 111 | TCP | NFS, only required if NFS version 3 storage is used |
| 123 | UDP | NTP (Network Time Protocol) |
| 389 | TCP & UDP | LDAP/LDAP GC (Global Catalog) |
| 443 | TCP | HTTPS |
| 514 | UDP | Default Syslog port. This port can be configured on the Syslog server |
| 636 | TCP | LDAP and LDAP GC with TLS (CTERA recommends using LDAPS and LDAPS GC instead of LDAP and LDAP GC) |
| 1344 | TCP | If using an antivirus server |
| 2049 | TCP | NFS, only required if NFS version 4.x storage is used |
| 3128 | TCP | Default Proxy server port, only required if a proxy server is defined in the global administration, where a different port can be configured |
| 3268 | TCP & UDP | LDAP/LDAP GC (Global Catalog) |
| 3269 | TCP | LDAPS and LDAPS GC (CTERA recommends using LDAPS and LDAPS GC instead of LDAP and LDAP GC) |
| 5671 | TCP | Only required when using the Varonis service. This port can be configured in Varonis Data Security Platform |
| 5696 | TCP | Only required when using the Key Management service to connect to the Key Management Interoperability Protocol (KMIP) server |
| 6514 | TCP | Default Syslog port over TCP/TLS, can be configured on the Syslog server |
| 9094 | TCP | Only required when using CTERA Insight |
Additional Ports Not Requiring Internet Access
The following ports must be opened between the CTERA Portal servers.
| Port | Protocol | Notes |
|---|---|---|
| 22, 443 | TCP | SSH, internal messaging between CTERA Portal servers. |
| 2181, 2888, 3888, 4646, 4647, 5044, 5432, 8081, 8082, 8083, 8088, 9092, 9093, 9094, 9095, 9600, 12181, 19092, 39092 | TCP | Internal communication between CTERA Portal server micro services. Port 5432 is used for PostgreSQL access from all cluster members to the main and replication databases. |
| 4648, 8300, 8301, 8500, 8600 | TCP & UDP | Internal communication between CTERA Portal server micro services. |
| 18682 | TCP | Only required when a Preview server is used. |
Note
CTERA recommends opening a wide port range, 2000-9999, as additional ports might be added with new CTERA Portal versions and the current port numbers might change.
Warning
CTERA Portal operates behind a firewall, and it is important to leave all other ports closed.