Appendix B: CC-SG and Network Configuration
355
Communication
Direction
Port Number
Protocol
Configurable?
Details
CC-SG to SNMP
Manager
162
UDP
yes
SNMP standard
CC-SG Internal Ports
CC-SG uses several ports for internal functions, and its local firewall
function blocks access to these ports. However, some external scanners
may detect these as “blocked” or “filtered.” External access to these
ports is not required and can be further blocked. The ports currently in
use are:
1088
1098
2222
4444
4445
8009
8083
8093
In addition to these ports, CC-SG may use TCP and UDP ports in the
32xxx (or higher) range. External access to these ports is not required
and can be blocked.
CC-SG Access via NAT-enabled Firewall
If the firewall is using NAT (Network Address Translation) along with PAT
(Port Address Translation), then Proxy mode should be used for all
connections that use this firewall. The firewall must be configured for
external connections to ports 80 (non-SSL) or 443 (SSL), 8080 and 2400
to be forwarded to CC-SG since the PC Client will initiate sessions on
these ports.
Note: It is not recommended to run non-SSL traffic through a firewall.
Connections using the firewall must be configured to use Proxy mode.
See
Connection Modes: Direct and Proxy
(on page 250). CC-SG will
connect to the various targets on behalf of the PC Client requests.
However, the CC-SG will terminate the PC Client to Target TCP/IP
connection that comes through the firewall.
RDP Access to Nodes
Port 3389 must be open for RDP access to nodes.