Cisco Evolved Programmable Network Manager 2.0 Installation Guide
Ports Used by Cisco EPN Manager
Note
The installation process uses the server's eth0 and eth1 Ethernet ports. If you use a different port, the system might not work properly.
The following table lists the ports that Cisco EPN Manager uses to listen for connection requests from devices. For security hardening, this table also specifies whether it is safe to disable the port without any adverse effects to the product.
As a general policy, any ports that are not needed and are not secure should be disabled. You need to first know which ports are enabled, and then decide which of these ports can be safely disabled without disrupting the normal functioning of Cisco EPN Manager. You can do this by listing the ports that are open and comparing them with a list of ports that are safe to disable. The built-in firewall in Cisco EPN Manager does not expose some of the listening ports. To view a list of the ports used in your deployment, log in as a Cisco EPN Manager CLI admin user and run the show security-status command. To view a list of all open listening ports, including those that are blocked by the built-in firewall, log in as the Linux CLI admin user and run the netstat -aln command.
In addition to the built-in firewall, you can also deploy additional network firewalls to block other unused ports and their traffic.
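The port review described above, as an added example that is not part of the Cisco guide: the following POSIX shell script takes netstat -aln output, extracts the listening TCP sockets and bound UDP sockets, looks each one up against the classification in Table 1 (ports 21, 22 and 69 as the guide lists them) and reports which are marked safe to disable. The netstat sample is constructed for this example, and the function names and verdict wording are this example's assumptions, not Cisco commands; on a real server you would substitute the actual netstat -aln output, and anything that does not appear in Table 1 is only flagged for review, never disabled automatically.

```shell
#!/bin/sh
# Added example: compare listening ports with Table 1 of the guide.
# SAMPLE_NETSTAT is a constructed sample of `netstat -aln` output, not captured
# from a real Cisco EPN Manager server.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:1521          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
udp        0      0 0.0.0.0:69              0.0.0.0:*
udp        0      0 0.0.0.0:162             0.0.0.0:*
Active UNIX domain sockets (servers and established)
unix  2      [ ACC ]     STREAM     LISTENING     12345    /var/run/example.sock'

# listening_ports NETSTAT_OUTPUT
# Prints one "proto/port" line per listening socket, sorted and deduplicated.
# TCP sockets count only in LISTEN state; UDP has no LISTEN state, so every
# bound UDP socket is reported. The sub() strips everything up to the last
# colon of the local address, which also handles IPv6 forms such as ":::443".
# Established connections and UNIX domain sockets are ignored.
listening_ports() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" { sub(/.*:/, "", $4); print "tcp/" $4 }
    $1 ~ /^udp/                  { sub(/.*:/, "", $4); print "udp/" $4 }
  ' | sort -t/ -k1,1 -k2,2n -u
}

# classify_port PROTO/PORT
# Verdict taken from Table 1 (ports 21, 22 and 69); anything else is unlisted
# and must be reviewed by a person before it is touched.
classify_port() {
  case "$1" in
    tcp/21) echo "Yes - FTP; disable under Administration > Settings > System Settings > General > Server, then ncs stop / ncs start" ;;
    tcp/22) echo "Depends - SSH, SCP and SFTP to the server" ;;
    udp/69) echo "Depends - TFTP image distribution; only if SCP, SFTP or HTTPS is used and supported by the managed devices" ;;
    *)      echo "Not listed in Table 1 - review before disabling" ;;
  esac
}

# port_report NETSTAT_OUTPUT
# One line per listening socket with its Table 1 verdict.
port_report() {
  listening_ports "$1" | while IFS= read -r p; do
    printf '%-9s %s\n' "$p" "$(classify_port "$p")"
  done
}

# safe_to_disable NETSTAT_OUTPUT
# Only the sockets whose Table 1 verdict is "Yes": the hardening candidates.
safe_to_disable() {
  listening_ports "$1" | while IFS= read -r p; do
    case "$(classify_port "$p")" in Yes*) echo "$p" ;; esac
  done
}

port_report "$SAMPLE_NETSTAT"
```

Run it on a live server by replacing SAMPLE_NETSTAT with the captured output of netstat -aln (for example, NETSTAT_OUTPUT=$(netstat -aln) and then port_report "$NETSTAT_OUTPUT"). The script deliberately separates "listed as safe" from "not listed": the guide's table is the allow-list, and the built-in firewall may already block some of the unlisted ports, so a port that netstat shows but show security-status does not is not necessarily reachable from the network.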
Table 1: Listening Ports That Are Open Through Built-in Firewall

Port 21 (TCP)
Usage: To transfer files to and from devices using FTP.
Safe to disable? Yes
Procedure to disable:
To disable FTP:
1. From the web GUI, choose Administration > Settings > System Settings, then choose General > Server.
2. Under FTP, choose Disable.
3. As the Cisco EPN Manager CLI admin user, stop and restart the server to apply your changes:
   ncs stop
   ncs start
To re-enable FTP:
1. From the web GUI, choose Administration > Settings > System Settings, then choose General > Server.
2. Under FTP, choose Enable.
3. As the Cisco EPN Manager CLI admin user, stop and restart the server to apply your changes:
   ncs stop
   ncs start

Port 22 (TCP)
Usage: To initiate SSH connections with the Cisco EPN Manager server, and to copy files to the Cisco EPN Manager server using SCP or SFTP.
Safe to disable? Depends
Procedure to disable: This might still be needed by older managed devices that only support TFTP and not SFTP or SCP.

Port 69 (UDP)
Usage: To distribute images to devices using TFTP.
Safe to disable? Depends
Procedure to disable: Only if alternative protocols like SCP, SFTP or HTTPS are used for image distribution, and if supported by the managed devices.