Copyright © SEP AG 1999-2020. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.
Overview
SEP sesam client-server communication requires certain TCP ports to be open to enable SEP sesam components to communicate with each other through a firewall. Daemons are specific to the SEP sesam Client/SEP sesam Server/RDS installation and are using different port numbers.
The ports required may be SEP sesam version-specific. As of version ≥ 4.4.3 Beefalo, SEP sesam uses fewer ports per default than in the previous versions:
Ensure that all required ports are available on the system for SEP sesam daemons and that they are not blocked by a firewall; these ports may not be assigned to another service. If the required ports are not available, SEP sesam will not function correctly.
Additionally, you might need to open relevant network ports to ensure communication between SEP sesam Server or SEP sesam data mover and additional modules, e.g., VMware vSphere, NDMP, etc. For the list of module-related ports, see below section Module-related ports.
Used default ports in version ≥ 4.4.3 Beefalo
If a firewall is used, then only the following TCP ports must be allowed for SEP sesam backup in versions ≥ 4.4.3 Beefalo. SEP recommends SMSSH for secure control communication between SEP S
sesam Server and SEP sesam Clients/RDS and the HTTP protocol for data transfer from SEP sesam Client to the SEP sesam device server. SMSSH and HTTP are the default protocols, if no other protocol is specified in the client configuration and in the different events (backup/restore/migration etc.).
| Component/Description |
Direction |
Source port |
Destination port |
Protocol |
Configuration in GUI
|
| SEP sesam Server
|
| SMSSH: Encrypted communication to the client |
outbound |
random |
11322 |
TCP/SSH |
Client properties -> Access Mode -> select SMSSH
|
| Backup data over HTTP |
inbound |
random |
11000 |
TCP/HTTP |
Client properties -> Interfaces -> enter <http://hostname:11000>
|
| SEP sesam Client
|
| SMSSH: Encrypted communication to the client |
inbound |
random |
11322 |
TCP/SSH |
Client properties -> Access Mode -> select SMSSH
|
| Backup data over HTTP |
outbound |
random |
11000 |
TCP/HTTP |
Client properties -> Interfaces -> enter <http://hostname:11000>
|
| SEP sesam Remote Device Server
|
| SMSSH: Encrypted communication to the client |
inbound |
random |
11322 |
TCP/SSH |
Client properties -> Access Mode -> select SMSSH
|
| Backup data over HTTP |
inbound |
random |
11000 |
TCP/HTTP |
Client properties -> Interfaces -> enter <http://hostname:11000>
|
SEP sesam full ports list
The following is the full list of ports used by SEP sesam. You only need to open the ports in your firewall which you're using. If you decide to configure all control communications over SMSSH, you don't have to open the CTRL port 11301 in the firewall.
Port numbers for SEP sesam Server
| Port number
|
Description
|
Configuration in GUI/Example
|
| 11301 |
CTRL: Unencrypted communication to the client |
Client properties -> Access Mode -> select CTRL
|
| 11322 |
SMSSH: Encrypted communication to the client |
Client properties -> Access Mode -> select SMSSH
|
| 11001 |
Data over FTP |
Client properties -> Interfaces -> enter <hostname> or <ftp://<hostname>:11001>
|
| 11000 |
Data over HTTP |
Client properties -> Interfaces -> enter <http://hostname:11000>
|
| 11443 |
Data over HTTPS |
Client properties -> Interfaces -> enter <https://hostname:11443>
|
| 11002-11007 |
Port range for 3 parallel data transfers via FTP |
Client properties -> Options tab -> Firewall Settings -> enter port range in STPD options
|
| 11701+drive number |
Replication and source-side deduplication (SDS) port |
For example:
- If you replicate from dedup drive 2 (source) to the RDS drive 5 (target), the port is 11703 (daemon on the machine with drive 2).
- If you replicate from dedup drive 5 (source) to the RDS drive 2 (target), the port is 11706 (daemon on the machine with drive 5).
|
| 11401 |
GUI/WEB UI (RMI) listen port |
|
|
Note
|
| For external backups (BSR, SAP, Informix, MaxDB ...), the client must always be able to reach the SEP sesam Server via ports 11000 (for HTTP backups), 11443 (for HTTPS backups) and 11001 (for FTP backups), and not only the RDS. This must be taken into account in the firewall rules.
|
Port numbers for SEP sesam Remote Device Server
| Port number
|
Description
|
Configuration in GUI/Example
|
| 11301 |
CTRL: Unencrypted communication to the client |
Client properties -> Access Mode -> select CTRL
|
| 11322 |
SMSSH: Encrypted communication to the client |
Client properties -> Access Mode -> select SMSSH
|
| 11001 |
Data over FTP |
Client properties -> Interfaces -> enter <hostname> or <ftp://hostname:11001>
|
| 11000 |
Data over HTTP |
Client properties -> Interfaces -> enter <http://hostname:11000>
|
| 11443 |
Data over HTTPS |
Client properties -> Interfaces -> enter <https://hostname:11443>
|
| 11002-11007 |
Port range for 3 parallel data transfers via FTP |
Client properties -> Options tab -> Firewall Settings -> enter port range in STPD options
|
| 11701+drive number |
Replication and source-side deduplication (SDS) port |
For example:
- If you replicate from dedup drive 2 (source) to the RDS drive 5 (target), the port is 11703 (daemon on the machine with drive 2).
- If you replicate from dedup drive 5 (source) to the RDS drive 2 (target), the port is 11706 (daemon on the machine with drive 5).
|
| Additional ports for SEP sesam Remote Device Server with GUI
|
| - |
no incoming ports for GUI on RDS |
|
Port numbers for SEP sesam Client
| Port number
|
Description
|
Configuration in GUI/Example
|
| 11301 |
CTRL: Unencrypted communication to the client |
Client properties -> Access Mode -> select CTRL
|
| 11322 |
SMSSH: Encrypted communication to the client |
Client properties -> Access Mode -> select SMSSH
|
| 11002-11007 |
Port range for 3 parallel data transfers via FTP |
Client properties -> Options tab -> Firewall Settings -> enter port range in STPD options
|
Port numbers for SEP sesam GUI PC (not SEP sesam Server)
| Port number
|
Description
|
Configuration in GUI/Example
|
| - |
no incoming ports to GUI PC |
|
| Additional ports for SEP sesam GUI PC with installed SEP sesam Client
|
| 11301 |
CTRL: Unencrypted communication to the client |
Client properties -> Access Mode -> select CTRL
|
| 11322 |
SMSSH: Encrypted communication to the client |
Client properties -> Access Mode -> select SMSSH
|
| 11002-11007 |
Port range for 3 parallel data transfers via FTP |
Client properties -> Options tab -> Firewall Settings -> enter port range in STPD options
|
Module-related ports
The following tables shows the required network ports used for communication (connection or data transfer) between SEP sesam Server or SEP sesam data mover and extra modules.
Port numbers for VMware vSphere
| From
|
To
|
Description
|
Port number
|
Protocol
|
| SEP sesam Server |
vSphere (vCenter/ESXi) |
Connection to vCenter Server or ESXi server |
443 |
HTTPS/TCP
|
| SEP sesam data mover |
vSphere (vCenter/ESXi) |
Connection to vCenter Server or ESXi server |
443 |
HTTPS/TCP
|
| SEP sesam data mover |
ESXi server |
Data transfer to ESXi host |
902 |
TCP
|
Port numbers for Citrix XenServer
| From
|
To
|
Description
|
Port number
|
Protocol
|
| SEP sesam data mover |
Citrix XenServer |
Connection to Citrix XenServer |
443 |
HTTPS/TCP
|
| SEP sesam data mover |
Citrix XenServer |
Required for backups with CBT |
10809 |
HTTPS/TCP
|
Port numbers for NDMP
| From
|
To
|
Description
|
Port number
|
Protocol
|
| SEP sesam data mover |
NDMP server |
Data transfer between components |
1000 |
NDMP
|
Port numbers for HPE StoreOnce
| From
|
To
|
Description
|
Port number
|
Protocol
|
| SEP sesam Server |
HPE StoreOnce |
Default command port; for communication with HPE StoreOnce |
9387 |
TCP
|
| SEP sesam Server |
HPE StoreOnce |
Default data port; for communication with HPE StoreOnce |
9388 |
TCP
|
