This document lists the firewall ports that SSB requires for its own operation, in addition to the ports used by its standard syslog sources and destinations. It details the specific ports that SSB relies on for its various functions.
To ensure proper functionality and connectivity of your SSB appliance, configure your firewall to allow incoming connections on the following ports:
Required Open Ports
1. SSH: TCP port 22
2. SNMPTRAP: UDP port 162
3. WebUI / RPC API:
   TCP port 80
   TCP port 443
4. NFS:
   UDP/TCP port 111
   UDP/TCP port 775
   UDP/TCP port 2049
5. SMB:
   TCP port 139
   TCP port 445
6. High Availability (HA) - eth3 interface only:
   TCP port 22
   UDP port 694
Security Considerations
1. Use strong encryption
Use 2048-bit RSA keys (or stronger), the AES-256-CBC cipher (or stronger), and the SHA-256 hash algorithm (or stronger) for secure communications.
2. Enable mutual authentication
When configuring log sources, log destinations, or LDAP user databases, use mutual authentication whenever possible.
3. Use TLS for log sources
Configure each log source to use TLS transport, the IETF-syslog protocol, required-trusted peer verification, and a secure cipher suite.
4. Restrict administrative access
Allow SSB administration only from trusted networks.
5. Implement strong password policies
Use passwords with at least 12 characters, including a mix of character types.
By properly configuring these ports and following the security recommendations, you will enable the SSB to receive necessary connections for its various functions while maintaining a secure environment for log management operations.
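The port list and the "restrict administrative access" recommendation above can be checked against a firewall's allow rules with a short script. This is an added example, not One Identity code: the rule format, the eth0 interface name, the sample networks, and the treatment of SSH and the WebUI / RPC API as the administrative services are assumptions.

```python
import ipaddress

# Port matrix copied from the list above: (protocol, port) pairs per service.
REQUIRED = {
    "SSH": {("tcp", 22)},
    "SNMPTRAP": {("udp", 162)},
    "WebUI/RPC API": {("tcp", 80), ("tcp", 443)},
    "NFS": {(p, n) for p in ("tcp", "udp") for n in (111, 775, 2049)},
    "SMB": {("tcp", 139), ("tcp", 445)},
}
HA = {("tcp", 22), ("udp", 694)}  # High Availability, eth3 interface only
# Assumption: SSH and the WebUI/RPC API are the administrative services.
ADMIN = REQUIRED["SSH"] | REQUIRED["WebUI/RPC API"]

# Constructed sample rules; 10.0.10.0/24 is an assumed management network.
SAMPLE_RULES = [
    {"proto": "tcp", "port": 22, "src": "10.0.10.0/24", "iface": "eth0"},
    {"proto": "tcp", "port": 80, "src": "10.0.10.0/24", "iface": "eth0"},
    {"proto": "tcp", "port": 443, "src": "0.0.0.0/0", "iface": "eth0"},
    {"proto": "udp", "port": 162, "src": "10.0.0.0/8", "iface": "eth0"},
    {"proto": "tcp", "port": 445, "src": "10.0.20.0/24", "iface": "eth0"},
    {"proto": "tcp", "port": 22, "src": "192.168.255.0/30", "iface": "eth3"},
    {"proto": "udp", "port": 694, "src": "192.168.255.0/30", "iface": "eth3"},
]


def audit(rules, trusted_nets, ha_iface="eth3"):
    """Return sorted findings for a list of allow rules (proto, port, src, iface)."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    service = [r for r in rules if r["iface"] != ha_iface]
    allowed = {(r["proto"], r["port"]) for r in service}
    ha_allowed = {(r["proto"], r["port"]) for r in rules if r["iface"] == ha_iface}
    findings = [f"missing: {name} {p}/{n}"
                for name, ports in REQUIRED.items() for p, n in ports - allowed]
    findings += [f"missing: HA {p}/{n} on {ha_iface}" for p, n in HA - ha_allowed]
    for r in service:
        key, src = (r["proto"], r["port"]), ipaddress.ip_network(r["src"])
        inside = any(src.version == t.version and src.subnet_of(t) for t in trusted)
        if key in ADMIN and not inside:
            findings.append(f"admin exposed: {r['proto']}/{r['port']} from {r['src']}")
        if key == ("udp", 694):
            findings.append(f"HA port outside {ha_iface}: udp/694 on {r['iface']}")
    return sorted(findings)


if __name__ == "__main__":
    for line in audit(SAMPLE_RULES, ["10.0.10.0/24"]):
        print(line)
```

An empty result means every listed port is allowed, administrative ports are reachable only from the trusted networks, and the HA heartbeat port is confined to eth3.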
Additional information is available in the Security Checklist for configuring SSB, provided in our technical documentation, accessible at https://support.oneidentity.com/technical-documents
© 2025 One Identity LLC. ALL RIGHTS RESERVED.