Appendix B: CC-SG and Network Configuration
Introduction
This appendix discloses the network requirements (addresses, protocols, and ports) of a typical
CommandCenter Secure Gateway (CC-SG) deployment. It includes information about how to configure
your network for both external access (if desired) and internal security and routing policy
enforcement (if used). Details are provided for the benefit of a TCP/IP network administrator,
whose role and responsibilities may extend beyond those of a CC-SG administrator and who may wish
to incorporate CC-SG and its components into a site's security access and routing policies.
As depicted in the diagram below, a typical CC-SG deployment may have none, some, or all of
these features, for example a firewall or a Virtual Private Network (VPN). The tables that follow
disclose the protocols and ports needed by CC-SG and its associated components. Understanding
them is essential, especially if firewalls or VPNs are present in your network and access
and security policies are to be enforced by the network.
Executive Summary
The sections below provide a complete analysis of the communications and port usage of CC-SG
and its associated components. For customers who just want to know which ports to open on a
firewall to allow access to CC-SG and the targets that it controls, the following ports should
be opened:
| Port Number | Protocol | Purpose |
|---|---|---|
| 80 | TCP | HTTP Access to CC-SG |
| 443 | TCP | HTTPS (SSL) Access to CC-SG |
| 8080 | TCP | CC-SG <-> PC Client |
| 2400 | TCP | Node Access (Proxy Mode & In-Band Access) |
| 5000¹ | TCP | Node Access (Direct Mode) |
| 51000¹ | TCP | SX Target Access (Direct Mode) |
This list can be further trimmed:
• Port 80 can be dropped if all access to the CC-SG is via HTTPS addresses.
• Ports 5000 and 51000 can be dropped if CC-SG Proxy mode is used for any connections from
the firewall(s).
Thus, a minimum configuration only requires three (3) ports [443, 8080, and 2400] to be opened
to allow external access to CC-SG.
In the sections below, the details about these access methods and ports are provided along with
configuration controls and options.
¹ These ports need to be opened per Raritan device that will be externally accessed. The other
ports in the table need to be opened only for accessing CC-SG.
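The port list and trimming rules above can be checked against an existing firewall. The following is an added example, not part of the original guide: it assumes a Linux firewall whose rules are exported in iptables-save format, and the function names, the sample rule set and the 192.0.2.x addresses are constructed for illustration.

```python
# Ports from the Executive Summary table. CC-SG ports are opened only toward
# CC-SG; the footnoted ports are opened per externally accessed Raritan device.
CCSG_PORTS = {80, 443, 8080, 2400}
DEVICE_PORTS = {5000, 51000}

def expected_rules(ccsg_ip, device_ips, https_only=True, proxy_mode=True):
    """Return the (dst_ip, tcp_port) pairs the guidance above calls for."""
    ports = CCSG_PORTS - ({80} if https_only else set())
    rules = {(ccsg_ip, p) for p in ports}
    if not proxy_mode:  # Direct Mode: 5000 and 51000 on every device
        rules |= {(ip, p) for ip in device_ips for p in DEVICE_PORTS}
    return rules

def parse_accepts(iptables_save_text):
    """Extract (dst, port) from TCP ACCEPT rules that use a --dport match.
    Assumes every option carries exactly one value, as in the sample below."""
    found = set()
    for line in iptables_save_text.splitlines():
        tok = line.split()
        if not line.startswith("-A") or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        if opts.get("-p") == "tcp" and "--dport" in opts:
            dst = opts.get("-d", "any").removesuffix("/32")  # no -d = any host
            port = opts["--dport"]  # a range such as 5000:5010 stays a string
            found.add((dst, int(port) if port.isdigit() else port))
    return found

def audit(iptables_save_text, ccsg_ip, device_ips, **mode):
    """Return (missing, unexpected) rule lists for the chosen deployment mode."""
    want = expected_rules(ccsg_ip, device_ips, **mode)
    have = parse_accepts(iptables_save_text)
    return sorted(want - have), sorted(have - want, key=str)

# Constructed iptables-save excerpt (documentation addresses, not from the guide).
SAMPLE = """\
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A FORWARD -d 192.0.2.21/32 -p tcp -m tcp --dport 5000 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 51000 -j ACCEPT
"""

if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE, "192.0.2.10", ["192.0.2.21"])
    print("missing:", missing)        # ports the minimum configuration needs
    print("unexpected:", unexpected)  # open ports the chosen mode does not need
```

Run with the default HTTPS-only, Proxy mode settings, the audit reports port 2400 as missing and flags port 80, the per-device port 5000 and the destination-less port 51000 rule as candidates for removal.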