| Port | Protocol | Direction | Eyeglass Release | Product Requires the ports open | Function |
| Operating System Open Suse 15.1 | It is customer responsibility to patch the operating system and allow Internet repository access for automatic patching. The OS is not covered by the support agreement. | ||||
| DNS port 53 UDP | DNS | Eyeglass --> DNS server Eyeglass --> GroupNet DNS configured on all clusters | All | Functional DNS is a requirement for multiple validations needed for failover and Failover Readiness | |
| Phone Home Monitoring TLS 443 | TCP TLS 1.2 | Eyeglass appliance --> Internet | All | DR Monitoring service remote monitoring OR phone home remote log upload for support and health checks for Ransomware Defender, Easy Auditor and Performance Auditor products. See phone home Internet ports that need to be opened below. | |
| NTP 123 | UDP | Eyeglass appliance --> NTP server in your environment | All | Time sync should use same NTP as the clusters. Should always disable vmware host VM time sync option. | |
| SMTP 25 | TCP | Eyeglass appliance --> Mail server in your environment | All | Email of alarms from Eyeglass to your mail server | |
| OS Repo for Security patches 80 http | TCP | Eyeglass appliance --> open suse mirror repositories | All |
| |
| HTTPS over port 8080 | TCP TLS 1.2 | Eyeglass appliance → Isilon/PowerScale cluster | All | REST API is authenticated using the service account created here. Authentication uses Isilon session authentication method. | |
| SSH port 22 | AES | Eyeglass appliance → Isilon/PowerScale cluster | All | SSH access for some CLI commands | |
| NFS TCP, UDP 111, 2049 (in some environments UDP 300) | TCP & UDP | ECA → Isilon Cluster | Ransomware Defender, Easy Auditor, Performance Auditor | Audit Data Ingestion | |
| 9090 | TCP | Eyeglass → ECA clusters | 2.5.8 update 1 | Ransomware Defender, Easy Auditor, Performance Auditor | Prometheus Database for event stats |
| Syslog for ECA clusters to send logs to Eyeglass using port 5514 | TCP | ECA clusters → Eyeglass Appliance | Ransomware Defender, Easy Auditor, Performance Auditor | Syslog (non standard port) used to send ECA cluster VM logs to Eyeglass for support logs (enabled in Eyeglass can be disabled, if no ECA deployed). | |
| HTTPS 443 | TCP TLS 1.2 AES - unsigned certificate | admin pc browser → appliance | All | Secures client to browser access. | |
| target port 80 → destination random TCP source port on the browser | only used to redirect to 443 , can be blocked if needed | admin pc browser → appliance | All (optional) | If connection on ip address port 80 is made a http 301,302 redirect is returned on port 80 to switch the browser to https and url https:/x.x.x.x/eyeglass. NOTE: No services run on port 80 and this is only used to redirect to port 443 HTTPS | |
| https 2011 websocket | TCP TLS 1.2 AES | admin pc browser → appliance | > 2.5.7 update 1 not required | DR | Websocket for real-time appliance to browser updates (redirected to 2012). |
| 2012 TLS websocket | TCP TLS 1.2 AES | admin pc browser → appliance | > 2.5.7 update 1 not required | DR | Websocket for real-time appliance to browser updates (redirected to 2012). |
| 2013 TLS websocket | TCP TLS 1.2 AES | admin pc browser → appliance | > 2.5.7 update 1 not required | Easy Auditor | Websocket for Easy Auditor wiretap feature (only required if this product is installed). |
| 2014 TLS websocket (new Performance Auditor) | TCP TLS 1.2 AES | admin pc browser → appliance | > 2.5.7 update 1 not required | Performance Auditor | Websocket for Performance Auditor application (only required if this product is licensed and installed). |
| SSH 22 | TCP AES | admin pc workstation → appliance | All | secure shell access. | |
| Proxy login SMB 2 (only) 445 | TCP | appliance → Isilon/PowerScale | > 2.5.7 SMB3 supported with encryption | All | Used to authenticate to AD through Isilon/PowerScale using standard Microsoft SMB authentication request for Role based login proxy interface. |
| SMB Security Guard Ransomware Defender SMB TCP 445 SMB2 only | TCP | appliance → Isilon/PowerScale | > 2.5.7 SMB3 supported with encryption | Ransomware Defender | Used by Ransomware Defender (if licensed) to simulate ransomware attack automation. |
| SMB Security Guard Ransomware Defender SMB for TCP 9021 https | TCP | appliance → ECS | > 2.5.9 with S3 over HTTPS | Defender for ECS | Used by Defender for ECS to simulate ransomware attack automation. |
| SMB Robo Audit Easy Auditor SMB TCP 445 SMB2 only | TCP | appliance → Isilon/PowerScale | > 2.5.9 SMB3 supported with encryption | Easy Auditor | Used by Easy Auditor to test audit health for audit data ingestion and database health automation (if licensed). |
| Dual DNS Delegation | UDP | appliance port 53 UDP DNS --> Groupnet(x) DNS servers | DR | This is new in 2.5.6 or later and requires Eyeglass to be able to access the Groupnet DNS servers to validate Dual DNS delegation is configured correctly. The OS DNS is not used since the DNS that must be configured correctly is used by Isilon/PowerScale itself. |
https://cloudapps.supernaeyeglass.com (your pc browser --> Internet)
Overview - faster more efficient support, enables proactive response without your involvement)
How to test firewall port access to required URL's
wget https://na-static-phonehome.supernaeyeglass.com curl -X POST -k http://na-static-phonehome.supernaeyeglass.com© Superna Inc