Raritan Engineering Command Center CC-SG ユーザーズマニュアル
A
PPENDIX B
:
CC
-
SG AND NETWORK CONFIGURATION
229
Appendix B: CC-SG and Network Configuration
Introduction
This appendix discloses network requirements (addresses, protocols and ports) of a typical
CommandCenter Secure Gateway (CC-SG) deployment. It provides what you need to know and
how to configure your network for both external access (if desired) and internal security and
routing policy enforcement (if used). Details are provided for the benefit of a TCP/IP network
administrator, whose role and responsibilities may extend beyond that of a CC-SG administrator
and who may wish to incorporate CC-SG and its components into site’s security access and
routing policies.
As depicted in the diagram below (see Figure #1), a typical CC-SG deployment may have none,
some, or all of the features, for example, a firewall or a Virtual Private Network (VPN). The
tables that follow disclose the protocols and ports that are needed by CC-SG and its associated
components, which are essential to understand especially if firewalls or VPNs are present in your
network and access and security policies are to be enforced by the network.
CommandCenter Secure Gateway (CC-SG) deployment. It provides what you need to know and
how to configure your network for both external access (if desired) and internal security and
routing policy enforcement (if used). Details are provided for the benefit of a TCP/IP network
administrator, whose role and responsibilities may extend beyond that of a CC-SG administrator
and who may wish to incorporate CC-SG and its components into site’s security access and
routing policies.
As depicted in the diagram below (see Figure #1), a typical CC-SG deployment may have none,
some, or all of the features, for example, a firewall or a Virtual Private Network (VPN). The
tables that follow disclose the protocols and ports that are needed by CC-SG and its associated
components, which are essential to understand especially if firewalls or VPNs are present in your
network and access and security policies are to be enforced by the network.
Executive Summary
In the sections below, a very complete and thorough analysis of the communications and port
usage by CC-SG and its associated components is provided. For those customers that just want to
know what ports to open on a firewall to allow access to CC-SG and the targets that it controls,
the following ports should be opened:
usage by CC-SG and its associated components is provided. For those customers that just want to
know what ports to open on a firewall to allow access to CC-SG and the targets that it controls,
the following ports should be opened:
Port
Number
Number
Protocol
Purpose
80
TCP
HTTP Access to CC-SG
443
TCP
HTTPS (SSL) Access to CC-SG
8080
TCP
CC-SG <-> PC Client
2400
TCP
Target Access (Proxy Mode & In-Band Access)
5000
TCP
Target Access (Direct Mode)
51000
1
TCP
SX Target Access (Direct Mode)
This list can be further trimmed:
• Port 80 can be dropped if all access to the CC-SG is via HTTPS addresses.
• Ports 5000 and 51000 can be dropped if CC-SG Proxy mode is used for any connections from
the firewall(s).
Thus, a minimum configuration only requires three (3) ports [443, 8080, and 2400] to be opened
to allow external access to CC-SG.
In the sections below, the details about these access methods and ports are provided along with
configuration controls and options.
1
These ports need to be opened per Raritan device that will be externally accessed. The other
ports in the table need to be opened only for accessing CC-SG.