EMC Unity Family Security Configuration Manual page 40

Communication Security
Service Protocol
NETBIOS UDP
Datagram Service
(SMB)
NETBIOS Session TCP/UDP
Service (SMB)
LDAP TCP/UDP
HTTPS TCP
Kerberos TCP/UDP
Remote Syslog UDP
LDAPS TCP/UDP
VMware TCP
SOCKS TCP
mountd (NFS) TCP/UDP
NFS TCP/UDP
HTTP TCP
iSNS TCP
iSCSI TCP
EMC Unity All Flash, EMC Unity Hybrid, EMC UnityVSA 4.0 Security Configuration Guide
40
Table 11 Network connections that may be initiated by the storage system (continued)
Port
138
139
a
389
443
464
a
514
a
636
843
1080
1234
2049
3128
3205
3260
Description
The NETBIOS Datagram Service is associated with the
storage system SMB file sharing services and is a core
component of that feature. Only Browse service is used. If
disabled, this port disables Browsing capability.
The NETBIOS Session Service is associated with storage
system SMB file sharing services and is a core component of
that functionality. If SMB services are enabled, this port is
open. It is specifically required for earlier versions of the
Windows OS (pre-Windows 2000). Clients with legitimate
access to the storage system SMB services must have
network connectivity to the port for continued operation.
Unsecure LDAP queries. If closed, Unsecure LDAP
authentication queries will be unavailable. Secure LDAP is
configurable as an alternative.
HTTPS traffic to the Unisphere and Unisphere CLI, and for
secure remote services when ESRS is enabled and Integrated
ESRS is configured on the storage system. If closed,
communication with the array will be unavailable.
Provides Kerberos Password Change and Set. If closed,
impacts SMB.
Syslog - Log system messages to a remote host. You can
configure the host port that the system uses.
Secure LDAP queries. If closed, secure LDAP authentication
will be unavailable.
VMawareness - Allows VMware SDK communication with
vSphere. If closed, VCenter/ESX discovery will be unavailable.
When ESRS is enabled and Integrated ESRS is configured on
the storage system, and a firewall is employed between the
storage system and a Proxy server. If closed, communication
with the array will be unavailable.
Used for the mount service, which is a core component of the
NFS service (versions 2, 3, and 4) and is an important
component of the SP to NAS Server interaction.
Used to provide NFS services.
When ESRS is enabled and Integrated ESRS is configured on
the storage system, and a firewall is employed between the
storage system and a Proxy server. If closed, communication
with the array will be unavailable.
Used to send Internet storage naming service (iSNS)
registrations to the iSNS server.
Provides access to iSCSI services. If closed, file-based iSCSI
services will be unavailable.