5 1 0:List of Ports Used by SEP sesam

From SEPsesam
Other languages:


Docs latest icon.png Welcome to the latest SEP sesam documentation version 5.1.0 Apollon. For previous documentation version(s), check documentation archive.


Overview


SEP sesam client-server communication requires certain TCP ports to be open to enable SEP sesam components to communicate with each other through a firewall. Daemons are specific to the SEP sesam Client/SEP sesam Server/RDS installation and are using different port numbers.

The required ports may be SEP sesam version-specific. As of version ≥ 4.4.3 Beefalo, SEP sesam uses fewer ports by default than in previous versions:

Ensure that all required ports are available on the system for SEP sesam daemons and are not blocked by a firewall; these ports must not be assigned to another service. If the required ports are not available, SEP sesam will not function correctly.

Additionally, you might need to open relevant network ports to ensure communication between SEP sesam Server or SEP sesam data mover and additional modules, e.g., VMware vSphere, NDMP, etc. A list of module-related ports can be found below in the section Module-related ports.

Used default ports

If a firewall is used, only the following TCP ports must be allowed for SEP sesam backup. SEP recommends SMSSH for secure control communication between SEP sesam Server and SEP sesam Clients/RDS and the HTTP protocol for data transfer from SEP sesam Client to SEP sesam device server. SMSSH and HTTP are the default protocols if no other protocol is specified in the client configuration and in the various events (backup/restore/migration etc.).

Component/Description Direction Source port Destination port Protocol Configuration in the GUI
SEP sesam Server
SMSSH: Encrypted communication to the client outbound random 11322 TCP/SSH Client properties -> Access Mode -> select SMSSH
Backup data over HTTP inbound random 11000 TCP/HTTP Client properties -> Interfaces -> enter <http://hostname:11000>
SEP sesam Client
SMSSH: Encrypted communication to the client inbound random 11322 TCP/SSH Client properties -> Access Mode -> select SMSSH
Backup data over HTTP outbound random 11000 TCP/HTTP Client properties -> Interfaces -> enter <http://hostname:11000>
SEP sesam Remote Device Server
SMSSH: Encrypted communication to the client inbound random 11322 TCP/SSH Client properties -> Access Mode -> select SMSSH
Backup data over HTTP inbound random 11000 TCP/HTTP Client properties -> Interfaces -> enter <http://hostname:11000>

SEP sesam complete ports list

The following is the complete list of ports used by SEP sesam. You only need to open the ports in your firewall that you use. If you decide to configure all control communication via SMSSH, you do not need to open CTRL port 11301 in the firewall.

Port numbers for SEP sesam Server

Port number Description Configuration in the GUI/Example
11301 CTRL: Unencrypted communication to client Client properties -> Access Mode -> select CTRL
11322 SMSSH: Encrypted communication to the client Client properties -> Access Mode -> select SMSSH
11001 Data over FTP Client properties -> Interfaces -> enter <hostname> or <ftp://<hostname>:11001>
11000 Data over HTTP Client properties -> Interfaces -> enter <http://hostname:11000>
11443 Data over HTTPS Client properties -> Interfaces -> enter <https://hostname:11443>
11002-11007 Port range for 3 parallel data transfers via FTP Client properties -> Options tab -> Firewall Settings -> enter the port range in the STPD options
11701+drive number Replication and source-side deduplication (SDS) port For example:
  • If you replicate from dedup drive 2 (source) to RDS drive 5 (target), the port is 11703 (daemon on machine with drive 2).
  • If you replicate from dedup drive 5 (source) to RDS drive 2 (target), the port is 11706 (daemon on machine with drive 5).
11401 GUI/WEB UI (RMI) listen port
Information sign.png Note
For external backups (BSR, SAP, Informix, MaxDB ...) the client must always be able to reach the SEP sesam Server via ports 11000 (for HTTP backups), 11443 (for HTTPS backups) and 11001 (for FTP backups), and not only the RDS. This must be taken into account in the firewall rules.

Port numbers for SEP sesam Remote Device Server

Port number Description Configuration in the GUI/Example
11301 CTRL: Unencrypted communication to client Client properties -> Access Mode -> select CTRL
11322 SMSSH: Encrypted communication to the client Client properties -> Access Mode -> select SMSSH
11001 Data over FTP Client properties -> Interfaces -> enter <hostname> or <ftp://hostname:11001>
11000 Data over HTTP Client properties -> Interfaces -> enter <http://hostname:11000>
11443 Data over HTTPS Client properties -> Interfaces -> enter <https://hostname:11443>
11002-11007 Port range for 3 parallel data transfers via FTP Client properties -> Options tab -> Firewall Settings -> enter the port range in the STPD options
11701+drive number Replication and source-side deduplication (SDS) port For example:
  • If you replicate from dedup drive 2 (source) to RDS drive 5 (target), the port is 11703 (daemon on machine with drive 2).
  • If you replicate from dedup drive 5 (source) to RDS drive 2 (target), the port is 11706 (daemon on machine with drive 5).
Additional ports for SEP sesam Remote Device Server with GUI
- no incoming ports for GUI on RDS

Port numbers for SEP sesam Client

Port number Description Configuration in the GUI/Example
11301 CTRL: Unencrypted communication to client Client properties -> Access Mode -> select CTRL
11322 SMSSH: Encrypted communication to client Client properties -> Access Mode -> select SMSSH
11002-11007 Port range for 3 parallel data transfers via FTP Client properties -> Options tab -> Firewall Settings -> enter the port range in the STPD options

Port numbers for SEP sesam GUI PC (not SEP sesam Server)

Port number Description Configuration in the GUI/Example
- no incoming ports to GUI PC
Additional ports for SEP sesam GUI PC with installed SEP sesam Client
11301 CTRL: Unencrypted communication to client Client properties -> Access Mode -> select CTRL
11322 SMSSH: Encrypted communication to the client Client properties -> Access Mode -> select SMSSH
11002-11007 Port range for 3 parallel data transfers via FTP Client properties -> Options tab -> Firewall Settings -> enter the port range in the STPD options

Module-related ports

The following tables show the required network ports used for communication (connection or data transfer) between SEP sesam Server or SEP sesam data mover and extra modules.

Port numbers for VMware vSphere

From To Description Port number Protocol
SEP sesam Server vSphere (vCenter/ESXi) Connection to vCenter Server or ESXi Server 443 HTTPS/TCP
SEP sesam data mover vSphere (vCenter/ESXi) Connection to vCenter Server or ESXi Server 443 HTTPS/TCP
SEP sesam data mover ESXi server Data transfer to ESXi host 902 TCP

Port numbers for Citrix XenServer

From To Description Port number Protocol
SEP sesam data mover Citrix XenServer Connection to Citrix XenServer 443 HTTPS/TCP
SEP sesam data mover Citrix XenServer Required for backups with CBT 10809 HTTPS/TCP

Port numbers for NDMP

From To Description Port number Protocol
SEP sesam data mover NDMP server Data transfer between components
(for NetApp see also NDMP firewall settings)
10000 NDMP

Port numbers for HPE StoreOnce

From To Description Port number Protocol
SEP sesam Server HPE StoreOnce Default command port; for communication with HPE StoreOnce 9387 TCP
SEP sesam Server HPE StoreOnce Default data port; for communication with HPE StoreOnce 9388 TCP


See also

Configuring ClientsFirewallsAntivirus Exclusions for SEP sesam

Copyright © SEP AG 1999-2024. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.