Luna Network HSM 7 Port Usage
The table below describes the Luna Network HSM 7 appliance's default port settings.
Standard Ports
Port | Protocol | Feature | Configurable | Session Initiation |
---|---|---|---|---|
22 | TCP | Secure Shell (SSH) | Yes | inbound |
123 | UDP | Network Time Protocol (NTP) | No | outbound |
161 | UDP | Simple Network Management Protocol (SNMP) daemon | Yes | inbound |
162 | UDP | Simple Network Management Protocol (SNMP) trap | Yes (lunash:> sysconf snmp notification add) | outbound |
514 | UDP | Remote Syslog Service | Yes | outbound |
1501 | TCP | Callback Service (CBS) | No | inbound |
9697 | TCP | Callback Service (CBS) | No | inbound (Remote PED enhanced) |
1503 | TCP | Remote PED multifactor quorum authentication | Yes | outbound |
1792 | TCP | NTLS (Network Trust Link Service)* | No | inbound |
5656 | TCP | Secure Trusted Channel (STC)* | No | inbound |
8443 | TCP | REST API webserver | Yes | inbound |
* Applications use the client connection to obtain service from the HSM. Service is available only to client systems that are registered with HSM partitions.
Additional Ports
For each remote syslog host that is added (lunash:> syslog remotehost add), three outbound ports are opened for the rsyslogd process to connect to the remote syslog server. These ports are assigned randomly by the Luna Network HSM 7 appliance in the range of 32768-60999.
Cluster Ports
The ports listed below are associated with the cluster service, which is available only if the cluster secure package is installed (see Updating the Cluster). Thales requires a minimum of Luna Appliance Software 7.8.5 with the lnh_cluster-1.0.4 package, Luna HSM Firmware 7.8.4, and Luna HSM Client 10.7.2 to use clusters in production environments.
NOTE: All the ports below must remain open for communication between cluster members.
Port | Protocol | Feature | Configurable | Session Initiation |
---|---|---|---|---|
50000 | TCP | Cluster service management and inter-member discovery | No | inbound/outbound |
50005 | TCP | Cluster service configuration and inter-member communication | No | inbound/outbound |
50052 | TCP | Crypto operations on cluster (default) | Yes (50055-50059) | inbound |
50053 | TCP | Cluster administration (inter-member) | No | inbound/outbound |
50070 | TCP | Cluster administration (REST API and inter-member) (default) | Yes (50075-50079) | inbound/outbound |
50085 | TCP | Cluster messaging service (inter-member) | No | inbound/outbound |
50088 | TCP | Cluster messaging service management (inter-member) | No | inbound/outbound |
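As an added example (not Thales code or documentation), the following Python checker compares an appliance's listening sockets, here a constructed `ss -lntu`-style listing, against the inbound services in the two tables above; it honours the configurable 50055-50059 and 50075-50079 cluster ranges and flags cluster listeners on an appliance where the cluster package is not installed.

```python
import re

# Documented inbound services from the standard-ports table: (protocol, port) -> feature.
STANDARD_INBOUND = {
    ("tcp", 22): "SSH", ("udp", 161): "SNMP daemon", ("tcp", 1501): "CBS",
    ("tcp", 9697): "CBS (Remote PED enhanced)", ("tcp", 1792): "NTLS",
    ("tcp", 5656): "STC", ("tcp", 8443): "REST API",
}
# Cluster listeners (all TCP); two services may be moved within a documented range.
CLUSTER_FIXED = {50000: "cluster management", 50005: "cluster configuration",
                 50053: "cluster administration", 50085: "cluster messaging",
                 50088: "cluster messaging management"}
CLUSTER_RANGES = [(50052, range(50055, 50060), "crypto operations"),
                  (50070, range(50075, 50080), "cluster administration (REST/inter-member)")]

# Matches "tcp LISTEN 0 128 0.0.0.0:1792 0.0.0.0:*" and captures protocol and local port.
LINE_RE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+\S*:(\d+)\s")

# Constructed sample listing; not captured from a real appliance.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:1792       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:5656       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8443       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:50057      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*
"""

def classify_port(proto, port, cluster_installed):
    """Return (status, feature); status is 'expected', 'cluster-not-installed' or 'unexpected'."""
    if (proto, port) in STANDARD_INBOUND:
        return "expected", STANDARD_INBOUND[(proto, port)]
    feature = None
    if proto == "tcp":
        feature = CLUSTER_FIXED.get(port)
        for default, alternates, name in CLUSTER_RANGES:
            if port == default or port in alternates:
                feature = name
    if feature is None:
        return "unexpected", None
    return ("expected" if cluster_installed else "cluster-not-installed"), feature

def audit_listeners(ss_output, cluster_installed):
    """Return (proto, port, status, feature) for every listener that is not a documented service."""
    findings = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header or unparsable line
        proto, port = m.group(1), int(m.group(2))
        status, feature = classify_port(proto, port, cluster_installed)
        if status != "expected":
            findings.append((proto, port, status, feature))
    return findings

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS, cluster_installed=False):
        print(finding)
```

Outbound-only services (NTP, syslog, SNMP traps, Remote PED) never appear as listeners, so they are deliberately absent from the expected set.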