Riverbed System Ports
  
This appendix provides a reference to ports used by the system. It includes these sections:
•  Default ports
•  SteelFusion ports
•  Commonly excluded ports
•  Interactive ports forwarded by the SteelHead
•  Secure ports forwarded by the SteelHead
Default ports
This table summarizes SteelHead default ports with the port label: RBT-Proto.
| Default ports | Description |
|---|---|
| 7744 | RiOS data store synchronization port. |
| 7800 | In-path port for appliance to appliance connections. |
| 7801 | Network Address Translation (NAT) port. |
| 7810 | Out-of-path server port. |
| 7820 | Failover port for redundant appliances. |
| 7850 | Connection forwarding (neighbor) port. |
| 7860 | Interceptor |
| 7870 | SteelHead Mobile |
Note: Because optimization between SteelHeads typically takes place over a secure WAN, it isn’t necessary to configure company firewalls to support SteelHead-specific ports. If there are one or more firewalls between two SteelHeads, ports 7800 and 7810 must be passed through the firewall devices located between the pair. Also, SYN and SYN/ACK packets with the TCP option 76 must be passed through firewalls for autodiscovery to function properly. For the SCC CLI, port 22 must be passed through for the firewall to function properly.
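
One way to confirm that a firewall is not removing TCP option 76 is to compare the SYN captured on each side of it. The script below is an added example, not Riverbed code: it parses the options of a raw TCP header and reports whether option 76 survived. The sample headers and the option's payload bytes are constructed placeholders, and the function names are assumptions.

```python
import struct

AUTODISCOVERY_KIND = 76  # TCP option number the note says firewalls must pass

def tcp_options(header: bytes):
    """Return [(kind, data), ...] from a raw TCP header (IP header removed)."""
    if len(header) < 20:
        raise ValueError("shorter than a minimal TCP header")
    hdr_len = (header[12] >> 4) * 4            # data offset, in bytes
    if hdr_len < 20 or hdr_len > len(header):
        raise ValueError("bad data offset")
    opts, found, i = header[20:hdr_len], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                          # End of Option List
            break
        if kind == 1:                          # NOP padding, one byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option truncated")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        found.append((kind, opts[i + 2:i + length]))
        i += length
    return found

def option76_state(header: bytes) -> str:
    """Classify a segment: SYN or SYN/ACK, with or without option 76."""
    kinds = [k for k, _ in tcp_options(header)]
    if not header[13] & 0x02:                  # SYN bit clear
        return "not-syn"
    return "option-76-present" if AUTODISCOVERY_KIND in kinds else "option-76-missing"

def firewall_strips_option76(before: bytes, after: bytes) -> bool:
    """True when option 76 is on the SYN before the firewall but not after it."""
    return (option76_state(before) == "option-76-present"
            and option76_state(after) == "option-76-missing")

def build_header(flags: int, options: bytes = b"") -> bytes:
    """Constructed sample data: a TCP header to port 7800 with the given options."""
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 7800, 1, 0, offset << 4, flags, 65535, 0, 0) + options

MSS = bytes([2, 4]) + struct.pack("!H", 1460)
OPT76 = bytes([AUTODISCOVERY_KIND, 10]) + bytes(8)   # placeholder payload, not the real format
SYN_WITH_OPT = build_header(0x02, MSS + b"\x01\x01" + OPT76)
SYN_STRIPPED = build_header(0x02, MSS + b"\x01" * 12)  # option overwritten with NOPs

if __name__ == "__main__":
    print(option76_state(SYN_WITH_OPT), option76_state(SYN_STRIPPED))
    print("firewall strips option 76:", firewall_strips_option76(SYN_WITH_OPT, SYN_STRIPPED))
```
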
SteelFusion ports
This table lists and describes the SteelFusion default ports with the port label SteelFusion.
| Default ports | Description |
|---|---|
| 7950 | Data requests for data blocks absent in Edge appliance from the data center |
| 7951 | New data created at the Edge to the data center |
| 7952 | Prefetch data for which SteelFusion has highest confidence (for example, file read ahead) |
| 7953 | Prefetch data for which SteelFusion has medium confidence (for example, boot) |
| 7954 | Prefetch data for which SteelFusion has lowest confidence (for example, prepopulation) |
| 7970 | Management information exchange between Edge and Core appliances |
Commonly excluded ports
This section summarizes the ports that are commonly excluded from optimization in the SteelHead.
For details, see SteelHead Interceptor User Guide.
If you have multiple ports that you want to exclude, create a port label and list the ports.
| Application | Ports |
|---|---|
| PolyComm (video conferencing) | 1503, 1720-1727, 3230-3253, 5060 |
| Cisco IPTel | 2000 |
Interactive ports forwarded by the SteelHead
A default in-path rule with the port label Interactive is automatically created in your system. This in-path rule automatically passes through traffic on interactive ports (for example, Telnet, TCP ECHO, remote logging, and shell).
Tip: If you don’t want to automatically forward these ports, simply delete the Interactive rule in the SCC.
This table lists the interactive ports that are automatically forwarded by the SteelHead.
| Port | Description |
|---|---|
| 7 | TCP ECHO |
| 23 | Telnet |
| 80 | HTTP |
| 37 | UDP/Time |
| 107 | Remote Telnet Service |
| 179 | Border Gateway Protocol |
| 513 | Remote Login |
| 514 | Shell |
| 1494 | Citrix |
| 1718-1720 | h323gatedisc |
| 2000-2003 | Cisco SCCP |
| 2427 | Media Gateway Control Protocol Gateway |
| 2598 | Citrix |
| 2727 | Media Gateway Control Protocol Call Agent |
| 3389 | MS WBT Server, TS/Remote Desktop |
| 5060 | SIP |
| 5631 | PC Anywhere |
| 5900-5903 | VNC |
| 6000 | X11 |
Secure ports forwarded by the SteelHead
A default in-path rule with the port label Secure is automatically created in your system. This in-path rule automatically passes through traffic on commonly secure ports (for example, SSH, HTTPS, and SMTPS).
Tip: If you don’t want to automatically forward these ports, simply delete the Secure rule in the SCC.
This table lists the common secure ports that are automatically forwarded by the SteelHead.
| Type | Port | Description |
|---|---|---|
| SSH | 22/tcp | SSH Remote Login Protocol |
| TACACS | 49/tcp | TACACS+ |
| HTTPS | 443/tcp | http protocol over TLS/SSL |
| SMTPS | 465/tcp | SMTP over SSL (TLS) |
| NNTPS | 563/tcp | NNTP protocol over TLS/SSL (was SNNTP) |
| IMAP4-SSL | 585/tcp | IMAP4+SSL (use 993 instead) |
| SSHELL | 614/tcp | SSL shell |
| LDAP | 636/tcp | LDAP protocol over TLS/SSL (was SLDAP) |
| FTP-data | 989/tcp | FTP protocol, data, over TLS/SSL |
| FTPS | 990/tcp | FTPS protocol, control, over TLS/SSL |
| TELNET | 992/tcp | TELNET protocol over TLS/SSL |
| IMAPS | 993/tcp | IMAPS protocol over TLS/SSL |
| POP3 | 995/tcp | POP3 protocol over TLS/SSL (was spop3) |
| L2TP | 1701/tcp | L2TP |
| PPTP | 1723/tcp | PPTP |
| TFTP | 3713/tcp | TFTP over TLS |
This table contains the uncommon ports automatically forwarded by the SteelHead.
| Type | Port | Description |
|---|---|---|
| nsiiops | 261/tcp | IIOP Name Service over TLS/SSL |
| ddm-ssl | 448/tcp | DDM-Remote DB Access Using Secure Sockets |
| corba-iiop-ssl | 684/tcp | CORBA IIOP SSL |
| ieee-mms-ssl | 695/tcp | IEEE-MMS-SSL |
| ircs | 994/tcp | irc protocol over TLS/SSL |
| njenet-ssl | 2252/tcp | NJENET using SSL |
| ssm-cssps | 2478/tcp | SecurSight Authentication Server (SSL) |
| ssm-els | 2479/tcp | SecurSight Event Logging Server (SSL) |
| giop-ssl | 2482/tcp | Oracle GIOP SSL |
| ttc-ssl | 2484/tcp | Oracle TTC SSL |
| groove | 2492 | GROOVE |
| syncserverssl | 2679/tcp | Sync Server SSL |
| dicom-tls | 2762/tcp | DICOM TLS |
| realsecure | 2998/tcp | Real Secure |
| orbix-loc-ssl | 3077/tcp | Orbix 2000 Locator SSL |
| orbix-cfg-ssl | 3078/tcp | Orbix 2000 Locator SSL |
| cops-tls | 3183/tcp | COPS/TLS |
| csvr-sslproxy | 3191/tcp | ConServR SSL Proxy |
| xnm-ssl | 3220/tcp | XML NM over SSL |
| msft-gc-ssl | 3269/tcp | Microsoft Global Catalog with LDAP/SSL |
| networklenss | 3410/tcp | NetworkLens SSL Event |
| xtrms | 3424/tcp | xTrade over TLS/SSL |
| jt400-ssl | 3471/tcp | jt400-ssl |
| seclayer-tls | 3496/tcp | Security layer over TLS |
| vt-ssl | 3509/tcp | Virtual Token SSL Port |
| jboss-iiop-ssl | 3529/tcp | JBoss IIOP/SSL |
| ibm-diradm-ssl | 3539/tcp | IBM Directory Server SSL |
| can-nds-ssl | 3660/tcp | Candle Directory Services using SSL |
| can-ferret-ssl | 3661/tcp | Candle Directory Services using SSL |
| linktest-s | 3747/tcp | LXPRO.COM LinkTest SSL |
| asap-tcp-tls | 3864/tcp | asap/tls tcp port |
| topflow-ssl | 3885/tcp | TopFlow SSL |
| sdo-tls | 3896/tcp | Simple Distributed Objects over TLS |
| sdo-ssh | 3897/tcp | Simple Distributed Objects over SSH |
| iss-mgmt-ssl | 3995/tcp | ISS Management Svcs SSL |
| suucp | 4031/tcp | UUCP over SSL |
| wsm-server-ssl | 5007/tcp | wsm server ssl |
| sip-tls | 5061/tcp | SIP-TLS |
| imqtunnels | 7674/tcp | iMQ SSL tunnel |
| davsrcs | 9802/tcp | WebDAV Source TLS/SSL |
| intrepid-ssl | 11751/tcp | Intrepid SSL |
| rets-ssl | 12109/tcp | RETS over SSL |