System information

Network Security Considerations

For maximum security, n-Command MSP should be deployed in a DMZ

behind a firewall. The following considerations should be made to ensure

proper operation when deployed in this manner.

Inbound connections are necessary for the n-Command MSP user

interface, as well as device management. The following ports should be

configured to allow inbound connections for proper operation (inbound

traffic can be restricted to management subnets and those containing

AOS devices):

 TCP 80 (Auto-link and user interface over HTTP; optional if using

HTTPS)

 TCP 443 (Auto-link and user interface over HTTPS)

 TCP 8443 (Auto-link over HTTPS)

 TCP 5060 (VQM reporter; optional if not using VQM reporter)

 UDP 5060 (VQM reporter; optional if not using VQM reporter)

 UDP 161 (SNMP agent; optional if not using the SNMP functionality of

n-Command MSP)

 UDP 162 (SNMP trap proxy; optional if not using the SNMP trap proxy

functionality of n-Command MSP)

Additionally, the following outbound ports are required to allow access to

your configured NTP servers, SMTP servers, and AOS devices:

 UDP port 123 (NTP)

 TCP port 25 (SMTP)

 TCP port 80 (Used to force device check-ins)

 TCP port 443 (Used to force device check-ins)

ADTRAN n-Command MSP v6.1 Help

61700841G1-1A