napp-it ZFS Storage User Manual page 40

20. Security
Restrict access to management functions
- Web management is done via port 81 for http or port 82 for https
Realtime graphic/ websocket is displayed over port 3000 (https/wss port 36000)
If you enable wss in About > Settings, you must install the SSL/TLS modules, see Jobs > TLS email
If you want to use your own certificate, place it at /var/web-gui/_log/mini_httpd.pem, otherwise
the sample certificate at /var/web-gui/data/tools/httpd/mini_httpd.pem is used
- Remote console via Putty and remote fileaccess via WinSCP is done on SSH port 22
- Replications are done over a random port > 49000
In an unsecure environment, you should restrict the above ports to a secure environment,
either based on a network adapter (link) or based on your networks
Restrict access to file services
- Fileserveices like NFS3 do not offer authentication. Access can be only limited to a fakeable
source ip. This can be a security problem example when you offer NFS for ESXi where your
storage server is accessable over untrusted networks for management or other services.
In an unsecure environment, you should restrict access to services like iSCSI, NFS, SMB or WWW
either based on a network adapter (link) or based on your local networks or single ip adresses.
Firewall settings/ Security panel (available on a valid Pro or Dev edition)
You can use the napp-it Pro security panel to restrict access based on a set of ip adresses or local networks
or based on a network adapter. With napp-it free, set the according rules manually.