5 1 0:List of Ports Used by SEP sesam
Overview
SEP sesam client-server communication requires certain TCP ports to be open to enable SEP sesam components to communicate with each other through a firewall. Daemons are specific to the SEP sesam Client/SEP sesam Server/RDS installation and are using different port numbers.
The required ports may be SEP sesam version-specific. As of version ≥ 4.4.3 Beefalo, SEP sesam uses fewer ports by default than in previous versions:
- Default ports used for backup
- A complete list of ports used by SEP sesam
Ensure that all required ports are available on the system for SEP sesam daemons and are not blocked by a firewall; these ports must not be assigned to another service. If the required ports are not available, SEP sesam will not function correctly.
Additionally, you might need to open relevant network ports to ensure communication between SEP sesam Server or SEP sesam data mover and additional modules, e.g., VMware vSphere, NDMP, etc. A list of module-related ports can be found below in the section Module-related ports.
Used default ports
If a firewall is used, only the following TCP ports must be allowed for SEP sesam backup. SEP recommends SMSSH for secure control communication between SEP sesam Server and SEP sesam Clients/RDS and the HTTP protocol for data transfer from SEP sesam Client to SEP sesam device server. SMSSH and HTTP are the default protocols if no other protocol is specified in the client configuration and in the various events (backup/restore/migration etc.).
Component/Description | Direction | Source port | Destination port | Protocol | Configuration in the GUI |
---|---|---|---|---|---|
SEP sesam Server | |||||
SMSSH: Encrypted communication to the client | outbound | random | 11322 | TCP/SSH | Client properties -> Access Mode -> select SMSSH |
Backup data over HTTP | inbound | random | 11000 | TCP/HTTP | Client properties -> Interfaces -> enter <http://hostname:11000> |
SEP sesam Client | |||||
SMSSH: Encrypted communication to the client | inbound | random | 11322 | TCP/SSH | Client properties -> Access Mode -> select SMSSH |
Backup data over HTTP | outbound | random | 11000 | TCP/HTTP | Client properties -> Interfaces -> enter <http://hostname:11000> |
SEP sesam Remote Device Server | |||||
SMSSH: Encrypted communication to the client | inbound | random | 11322 | TCP/SSH | Client properties -> Access Mode -> select SMSSH |
Backup data over HTTP | inbound | random | 11000 | TCP/HTTP | Client properties -> Interfaces -> enter <http://hostname:11000> |
SEP sesam complete ports list
The following is the complete list of ports used by SEP sesam. You only need to open the ports in your firewall that you use. If you decide to configure all control communication via SMSSH, you do not need to open CTRL port 11301 in the firewall.
Port numbers for SEP sesam Server
Port number | Description | Configuration in the GUI/Example |
---|---|---|
11301 | CTRL: Unencrypted communication to client | Client properties -> Access Mode -> select CTRL |
11322 | SMSSH: Encrypted communication to the client | Client properties -> Access Mode -> select SMSSH |
11001 | Data over FTP | Client properties -> Interfaces -> enter <hostname> or <ftp://<hostname>:11001> |
11000 | Data over HTTP | Client properties -> Interfaces -> enter <http://hostname:11000> |
11443 | Data over HTTPS | Client properties -> Interfaces -> enter <https://hostname:11443> |
11002-11007 | Port range for 3 parallel data transfers via FTP | Client properties -> Options tab -> Firewall Settings -> enter the port range in the STPD options |
11701+drive number | Replication and source-side deduplication (SDS) port | For example:
|
11401 | GUI/WEB UI (RMI) listen port |
Note | |
For external backups (BSR, SAP, Informix, MaxDB ...) the client must always be able to reach the SEP sesam Server via ports 11000 (for HTTP backups), 11443 (for HTTPS backups) and 11001 (for FTP backups), and not only the RDS. This must be taken into account in the firewall rules. |
Port numbers for SEP sesam Remote Device Server
Port number | Description | Configuration in the GUI/Example |
---|---|---|
11301 | CTRL: Unencrypted communication to client | Client properties -> Access Mode -> select CTRL |
11322 | SMSSH: Encrypted communication to the client | Client properties -> Access Mode -> select SMSSH |
11001 | Data over FTP | Client properties -> Interfaces -> enter <hostname> or <ftp://hostname:11001> |
11000 | Data over HTTP | Client properties -> Interfaces -> enter <http://hostname:11000> |
11443 | Data over HTTPS | Client properties -> Interfaces -> enter <https://hostname:11443> |
11002-11007 | Port range for 3 parallel data transfers via FTP | Client properties -> Options tab -> Firewall Settings -> enter the port range in the STPD options |
11701+drive number | Replication and source-side deduplication (SDS) port | For example:
|
Additional ports for SEP sesam Remote Device Server with GUI | ||
- | no incoming ports for GUI on RDS |
Port numbers for SEP sesam Client
Port number | Description | Configuration in the GUI/Example |
---|---|---|
11301 | CTRL: Unencrypted communication to client | Client properties -> Access Mode -> select CTRL |
11322 | SMSSH: Encrypted communication to client | Client properties -> Access Mode -> select SMSSH |
11002-11007 | Port range for 3 parallel data transfers via FTP | Client properties -> Options tab -> Firewall Settings -> enter the port range in the STPD options |
Port numbers for SEP sesam GUI PC (not SEP sesam Server)
Port number | Description | Configuration in the GUI/Example |
---|---|---|
- | no incoming ports to GUI PC | |
Additional ports for SEP sesam GUI PC with installed SEP sesam Client | ||
11301 | CTRL: Unencrypted communication to client | Client properties -> Access Mode -> select CTRL |
11322 | SMSSH: Encrypted communication to the client | Client properties -> Access Mode -> select SMSSH |
11002-11007 | Port range for 3 parallel data transfers via FTP | Client properties -> Options tab -> Firewall Settings -> enter the port range in the STPD options |
The following tables show the required network ports used for communication (connection or data transfer) between SEP sesam Server or SEP sesam data mover and extra modules.
Port numbers for VMware vSphere
From | To | Description | Port number | Protocol |
---|---|---|---|---|
SEP sesam Server | vSphere (vCenter/ESXi) | Connection to vCenter Server or ESXi Server | 443 | HTTPS/TCP |
SEP sesam data mover | vSphere (vCenter/ESXi) | Connection to vCenter Server or ESXi Server | 443 | HTTPS/TCP |
SEP sesam data mover | ESXi server | Data transfer to ESXi host | 902 | TCP |
Port numbers for Citrix XenServer
From | To | Description | Port number | Protocol |
---|---|---|---|---|
SEP sesam data mover | Citrix XenServer | Connection to Citrix XenServer | 443 | HTTPS/TCP |
SEP sesam data mover | Citrix XenServer | Required for backups with CBT | 10809 | HTTPS/TCP |
Port numbers for NDMP
From | To | Description | Port number | Protocol |
---|---|---|---|---|
SEP sesam data mover | NDMP server | Data transfer between components (for NetApp see also NDMP firewall settings) |
10000 | NDMP |
Port numbers for HPE StoreOnce
From | To | Description | Port number | Protocol |
---|---|---|---|---|
SEP sesam Server | HPE StoreOnce | Default command port; for communication with HPE StoreOnce | 9387 | TCP |
SEP sesam Server | HPE StoreOnce | Default data port; for communication with HPE StoreOnce | 9388 | TCP |
See also
Configuring Clients – Firewalls – Antivirus Exclusions for SEP sesam