6.2. Firewall settings
When setting up your firewall, you should ensure that the port settings are compatible
with the HSMs and allow access to the system components you are using. The following
table identifies the ports used by the nShield system components. All listed ports are the
default setting. Other ports may be defined during system configuration, according to
the requirements of your organization.
Component
Default
Port
Use
Hardserver
9000
Internal non-privileged connections from Java
applications including KeySafe
Hardserver
9001
Internal privileged connections from Java applications
including KeySafe
Hardserver
9004
Incoming impath connections from other hardservers,
e.g.:
• From a cooperating client to the remote file system
it is configured to access
• From a non-attended host machine to an attended
host machine when using Remote Operator
Remote
Administration
Service
9005
Incoming connections from Remote Administration
Clients
Audit Logging
syslog
514
If you plan to use the Audit Logging facility with remote
syslog or SIEM applications, you need to allow outgoing
connections to the configured UDP port
If you are using an nShield Edge as a Remote Operator slot for an HSM located
elsewhere, you need to open port 9004. You may restrict the IP addresses to those you
expect to use this port. You can also restrict the IP addresses accepted by the hardserver
in the configuration file. See the
User Guide
for your module and operating system for
more about configuration files. Similarly if you are setting up the Remote Administration
Service you need to open port 9005.
nShield® Solo and nShield® Solo XC Installation Guide
19 of 49
