Owner's manual
Table Of Contents
- Chapter 1: Introduction
- Chapter 2: Accessing CC-SG
- Chapter 3: Configuring CC-SG with Guided Setup
- Chapter 4: Creating Associations
- Chapter 5: Adding Devices and Device Groups
- Chapter 6: Configuring Nodes and Interfaces
- Chapter 7: Adding and Managing Users and User Groups
- Chapter 8: Policies
- Chapter 9: Configuring Remote Authentication
- Chapter 10: Generating Reports
- Audit Trail Report
- Error Log Report
- Access Report
- Availability Report
- Active Users Report
- Locked Out Users Report
- User Data Report
- Users in Groups Report
- Group Data Report
- AD User Group Report
- Asset Management Report
- Node Asset Report
- Active Nodes Report
- Node Creation Report
- Query Port Report
- Active Ports Report
- Scheduled Reports
- CC-NOC Synchronization Report
- Chapter 11: System Maintenance
- Chapter 12: Advanced Administration
- Appendix A: Specifications (G1, V1, and E1)
- Appendix B: CC-SG and Network Configuration
- Appendix C: User Group Privileges
- Appendix D: SNMP Traps
- Appendix E: Troubleshooting
- Appendix F: Two-Factor Authentication
- Appendix G: FAQs
- Appendix H: Keyboard Shortcuts
APPENDIX B: CC-SG AND NETWORK CONFIGURATION 215
Appendix B: CC-SG and Network Configuration
Introduction
This appendix discloses network requirements (addresses, protocols and ports) of a typical CC-
SG (CC-SG) deployment. It includes information about how to configure your network for both
external access (if desired) and internal security and routing policy enforcement (if used). Details
are provided for the benefit of a TCP/IP network administrator, whose role and responsibilities
may extend beyond that of a CC-SG administrator and who may wish to incorporate CC-SG and
its components into a site’s security access and routing policies.
As depicted in the diagram below, a typical CC-SG deployment may have none, some, or all of
the features, for example, a firewall or a Virtual Private Network (VPN). The tables that follow
disclose the protocols and ports that are needed by CC-SG and its associated components, which
are essential to understand especially if firewalls or VPNs are present in your network and access
and security policies are to be enforced by the network.
Executive Summary
In the sections below, a very complete and thorough analysis of the communications and port
usage by CC-SG and its associated components is provided. For those customers who just want to
know what ports to open on a firewall to allow access to CC-SG and the targets that it controls,
the following ports should be opened:
Port
Number
Protocol Purpose
80 TCP HTTP Access to CC-SG
443 TCP HTTPS (SSL) Access to CC-SG
8080 TCP CC-SG <-> PC Client
2400 TCP Node Access (Proxy Mode & In-Band Access)
5000
1
TCP Node Access (Direct Mode)
51000
1
TCP SX Target Access (Direct Mode)
This list can be further trimmed:
• Port 80 can be dropped if all access to the CC-SG is via HTTPS addresses.
• Ports 5000 and 51000 can be dropped if CC-SG Proxy mode is used for any connections from
the firewall(s).
Thus, a minimum configuration only requires three (3) ports [443, 8080, and 2400] to be opened
to allow external access to CC-SG.
In the sections below, the details about these access methods and ports are provided along with
configuration controls and options.
1
These ports need to be opened per Raritan device that will be externally accessed. The other
ports in the table need to be opened only for accessing CC-SG.