Firewalls
Ports used by SEP Sesam
When using the standard configuration for SEP Sesam the following TCP ports must be open:
Server:
- stpd 11000-11001
- remote-gui 11401
Client:
- ctrl 11301
- data 1025-65535 (can be limited with the custom ports option below)
Standard Connection Process:
- The Sesam server opens a connection to port 11301 on client
- The Sesam client opens a connection to port 11001 on Sesam server (or remote device server).
- The Sesam server opens a connection to a random port above 1024 on the client.
Custom Ports for firewalled/nat/wan/vpn clients:
- Edit the properties of the client (Components > Topology)
- Switch to the "Options" tab
- Add 11001-11007 to specify a port range, 2 ports are required for each stream, these reduce your "data" ports above
- Enable access to these ports from the sesam server to the client in the client and/or edge firewall(s)
Example rules for linux:
Firewalld based configuration:
The firewalld equivalent of second rule is (effectively a whitelist for all tcp ports):
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" protocol value="tcp" source address="10.18.214.7/32" accept'
firewall-cmd --reload
firewall-cmd --list-all
public (default, active)
interfaces: enp4s0f0 enp4s0f1 enp4s0f1.20 ib0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="10.18.214.7/32" protocol value="tcp" accept
Request Call
Leave us your information and we will reach out to you shortly!
Media Library
Browse videos from SEP's YouTube channel.
 |
 |
 |
 |