CommandCenter Secure Gateway - Deployment Guide - v4.1 - Raritan
CommandCenter Secure Gateway - Deployment Guide - v4.1 - Raritan
CommandCenter Secure Gateway - Deployment Guide - v4.1 - Raritan
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Appendix C: CC-SG and Network Configuration<br />
CC-SG Internal Ports<br />
CC-SG uses several ports for internal functions, and its local firewall<br />
function blocks access to these ports. However, some external scanners<br />
may detect these as “blocked” or “filtered.” External access to these ports<br />
is not required and can be further blocked. The ports currently in use are:<br />
• 1088<br />
• 1098<br />
• 2222<br />
• 4444<br />
• 4445<br />
• 8009<br />
• 8083<br />
• 8093<br />
In addition to these ports, CC-SG may use TCP and UDP ports in the<br />
32xxx (or higher) range. External access to these ports is not required and<br />
can be blocked.<br />
CC-SG Access via NAT-enabled Firewall<br />
If the firewall is using NAT (Network Address Translation) along with PAT<br />
(Port Address Translation), then Proxy mode should be used for all<br />
connections that use this firewall. The firewall must be configured for<br />
external connections to ports 80 (non-SSL) or 443 (SSL), 8080 and 2400<br />
to be forwarded to CC-SG (since the PC Client will initiate sessions on<br />
these ports).<br />
Note: It is not recommended to run non-SSL traffic through a firewall.<br />
Connections using the firewall must be configured to use Proxy mode. See<br />
Connection Modes: Direct and Proxy. CC-SG will connect to the various<br />
targets on behalf of the PC Client requests. However, the CC-SG will<br />
terminate the PC Client to Target TCP/IP connection that comes through<br />
the firewall.<br />
67