Luna Network HSM 7 Port Usage
The table below describes the Luna Network HSM 7 appliance's default port settings.
Standard Ports
| Port | Protocol | Feature | Configurable | Session Initiation |
|---|---|---|---|---|
| 22 | TCP | Secure Shell (SSH) | Yes | inbound |
| 123 | UDP | Network Time Protocol (NTP) | No | outbound |
| 161 | UDP | Simple Network Management Protocol (SNMP) daemon | Yes | inbound |
| 162 | UDP | Simple Network Management Protocol (SNMP) trap | Yes (lunash:> sysconf snmp notification add) | outbound |
| 514 | UDP | Remote Syslog Service | Yes | outbound |
| 1501 | TCP | Callback Service (CBS) | No | inbound |
| 9697 | TCP | Callback Service (CBS) | No | inbound (Remote PED enhanced) |
| 1503 | TCP | Remote PED multifactor quorum authentication | Yes | outbound |
| 1792 | TCP | NTLS (Network Trust Link Service)* | No | inbound |
| 5656 | TCP | Secure Trusted Channel (STC)* | No | inbound |
| 8443 | TCP | REST API webserver | Yes | inbound |
* Applications use the client connection to obtain service from the HSM. Service is available only to client systems that are registered with HSM partitions.
Additional Ports
For each remote syslog host that is added (lunash:> syslog remotehost add), three outbound ports are opened for the rsyslogd process to connect to the remote syslog server. These ports are assigned randomly by the Luna Network HSM 7 appliance in the range of 32768-60999.
Cluster Ports
The ports listed below are associated with the cluster service, which is available only if Luna Appliance Software 7.8.0 or newer and the clusters secure package is installed (see Installing or Updating the Cluster Package).
NOTE All the ports below must remain open for communication between cluster members.
| Port | Protocol | Feature | Configurable | Session Initiation |
|---|---|---|---|---|
| 50000 | TCP | Cluster service management (inter-member) | No | inbound/outbound |
| 50005 | TCP | Cluster service configuration (inter-member) | No | inbound/outbound |
| 50052 | TCP | Crypto operations on cluster (default) | Yes (50055-50059) | inbound |
| 50053 | TCP | Cluster administration (inter-member) | No | inbound/outbound |
| 50070 | TCP | Cluster administration (REST API and inter-member) (default) | Yes (50075-50079) | inbound/outbound |
| 50085 | TCP | Cluster messaging service (inter-member) | No | inbound/outbound |
| 50088 | TCP | Cluster messaging service management (inter-member) | No | inbound/outbound |
