SteelConnect Connection Ports
Ports used by SteelConnect for inbound, outbound, and SSH connections.
Outbound connections
Service | Protocol | Default port | Destination |
DNS - Gateways only | UDP/TCP | 53 | Any |
NTP - Gateways only | UDP | 123 | Any |
HTTP redirect for portal | TCP | 80 | Any |
Uplink IP reflector | TCP | 80 | rfl.x.riverbed.cc |
SteelConnect Manager/Core Server | TCP | 443 | core.riverbed.cc/ core.ocedo.cc |
Portal | TCP | 80/443 | <hostname>.riverbed.cc -or- <hostname>.ocedo.cc |
Configuration and API | TCP | 3900 | <hostname>.riverbed.cc -or- <hostname>.ocedo.cc |
Tunneled SSH | TCP | 3901 | <hostname>.riverbed.cc -or- <hostname>.ocedo.cc |
Reporting | TCP | 3902 | <hostname>.riverbed.cc -or- <hostname>.ocedo.cc |
SD-WAN Controller | TCP | 3904 | <hostname>.riverbed.cc -or- <hostname>.ocedo.cc |
Reporting | TCP | 3905 | <hostname>.riverbed.cc -or- <hostname>.ocedo.cc |
Uplink Monitoring | ICMP | | Any |
SteelHead SD and SDI-5030 Firmware Download | TCP | 80/443 | download.riverbed.com |
FTP | TCP | 20/21 | ftp.riverbed.com |
Inbound/outbound connections
Service | Protocol | Default port | Destination |
AutoVPN | UDP | 500/4500 | Any |
Tunneled SSH client connections
Service | Protocol | Default port | Destination |
SSH proxy | TCP | 3903 | <hostname>.riverbed.cc -or- <hostname>.ocedo.cc |
Workstation | TCP | 3903 | <hostname>.riverbed.cc -or- <hostname>.ocedo.cc |
Notes
<hostname> should be the same as what appears in the URL for SCM. For example, if your SCM is testcompany.riverbed.cc, then you would use testcompany for the <hostname>.
The API port is listed as port 3900. In most cases, it is 3900. This can be verified by performing a DNS query for _cc._tcp.<hostname>.riverbed.cc.
_cc._tcp.<hostname>.riverbed.cc SRV service location:
priority = 10
weight = 10
port = 3900
svr hostname = <hostname>.riverbed.cc
where port equals the port number that should be used for API port.
To configure VPN port numbers in the SCM, choose Network Design > Sites, select a particular site, and then select the WAN/AutoVPN tab. Under the AutoVPN Advanced Settings, change the AutoVPN Port to a different port number.
The HTTP redirect for Portal-TCP port 80 is required to allow the TCP three-way handshake to complete. After that has completed, the portal sends a redirect to the client. The client doesn’t actually exchange any HTTP data with the external site. Additionally, it must be the MGMT zone IP address of the appliance in question that goes external. In the strictest sense, the source need not be all client IPs, but only the IPs of the Appliance MGMT zone IPs.