HP-UX IPSec Version A.03.00 Administrator's Guide
SMH Management Station Host IPsec Policies
If HP-UX IPSec is installed on the SMH Management Station, configure host IPsec policies for
the packets listed below with actions (PASS or transform lists) that match the policies on the
cluster nodes.
Destination PortSource PortProtocolDestination IP AddressSource IP Address
clog_port ( the TCP
port configured for the
clog package
0TCP
cluster node addressSMH Management
Station address (or
wildcard)
Summary: Serviceguard Port Numbers and Protocols
Serviceguard uses the following port numbers and protocols.
Table G-1 Serviceguard Port Numbers and Protocols
ServiceProtocolsPort
Used for cluster subnet monitoring between cluster nodes.ICMP Type 8 (Echo)N/A
Used by the clog service as the destination port on cluster
nodes to receive requests from the SMH Management Agent.
TCP
Configurable clog port
Used for network probes by cluster configuration commands
between cluster nodes.
UDP9
SNMP agent. Used as the destination port on the cluster
nodes from the Serviceguard Manager system.
UDP161
SNMP traps. Used as the destination port on the
Serviceguard Manager system from the cluster nodes.
UDP162
Shell (remote shell). Used as the destination port on cluster
nodes to allow remote execution of the cmscancl command.
TCP514
Quorum Server. Used as the destination port on the Quorum
Server from the cluster nodes.
TCP1238
HA - Logical Volume Manager. Used as the destination port
between the cluster nodes.
TCP1476
Plug-in Serviceguard Manager. Used as the destination port
on cluster nodes from the SMH Management Station.
TCP, UDP2301
Plug-in Serviceguard Manager. Used as the destination port
on cluster nodes from the SMH Management Station.
TCP, UDP2381
HA Cluster Heartbeat (hacl-hb). Used as the destination
port between cluster nodes.
TCP, UDP5300
HA Cluster General Services (hacl-gs). Used as the
destination port between cluster nodes.
TCP5301
HA Configuration (ha-cfg). Used as destination ports
between cluster nodes.
These ports are also used as destination ports on the cluster
nodes for requests from Cluster Object Manager (COM)
nodes, and for Serviceguard remote command execution
requests.
TCP and UDP5302
HA Cluster Probe (hacl-probe). Used as the destination port
between cluster nodes.
TCP port 5303 is also used as the destination port on Cluster
Object Manager (COM) nodes for requests from COM
clients.
TCP and UDP5303
Step 1: Configuring HP-UX Host IPsec Policies for Serviceguard 233