About firewall requirements
These ports must be open for the SCC to function properly:
• TCP ports 9443 and 443 for HTTPS communication. SCC 9.0.0 and later use port 443 for the REST API SSL key exchange between the SCC and SteelHeads. After the certificate exchange is successful, an OCC channel is established between the SteelHead and the SCC on port 9443; thereafter, the SCC uses port 9443 to communicate with the SteelHeads.
• TCP port 22 for CLI communication.
• If the network is public, use UDP port 4500 for encryption services.
• If you plan to configure SaaS acceleration on managed SteelHeads and SteelFusion Edges using SCC, use TCP port 3900 for registering SCC with SCM.
Because optimization between SteelHeads typically takes place over a secure WAN, it is not necessary to configure company firewalls to support SteelHead-specific ports.
Enabling communication to SteelHeads with restricted access
1. On the SCC, connect to the CLI in configuration mode. For detailed information about connecting and using the Riverbed CLI, see the Riverbed Command-Line Interface Reference Manual.
2. To configure SSL authentication port access, at the system prompt enter:
amnesiac (config) # ocs authport port <port-number>
where <port-number> is the authentication port number on which you want to establish communication with the SCC.
3. On the SteelHead, connect to the CLI in configuration mode and enter this command at the system prompt:
ocd connection cmc csr_auth auth_port <port-number>
where <port-number> is the authorized port number on which you want to establish communication with the SCC. Make sure this is the same port you configured on the SCC.
Troubleshooting
On the SCC:
• The port number should have an appropriate entry when you run the netstat command. On the SCC, via the shell, at the system prompt enter:
netstat -an |grep <port-number>
• The port number should be listed in the Apache /etc/httpd/http.conf file:
Listen <port-number>
If the port number doesn’t appear, restart the HTTP service on the SCC:
pm process httpd restart
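A plain grep for a port number in netstat output also matches longer ports and remote ephemeral ports that contain the same digits (a grep for 443 hits 9443 and 51443), and it matches established connections as well as listeners. The following is an added example, not Riverbed code: it succeeds only when a TCP socket is in LISTEN state on exactly the given port. It assumes Linux-style netstat -an columns and that awk is available; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Riverbed code. Assumes Linux net-tools `netstat -an` columns:
# Proto Recv-Q Send-Q Local-Address Foreign-Address State

# is_listening PORT: reads netstat output on stdin; succeeds only when a TCP
# socket is in LISTEN state on exactly PORT (not a substring of another port).
is_listening() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")    # port is the last ":"-separated piece,
            if (a[n] == p) found = 1 # for both 0.0.0.0:9443 and :::9443
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample output (not captured from a real appliance).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:9443            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:9443           10.0.1.7:51443          ESTABLISHED
tcp6       0      0 :::8443                 :::*                    LISTEN
udp        0      0 0.0.0.0:4500            0.0.0.0:*'

# check_port PORT: report on the sample above. Against live output, use:
#   netstat -an | is_listening <port-number>
check_port() {
    if printf '%s\n' "$SAMPLE_NETSTAT" | is_listening "$1"; then
        echo "port $1: listening"
    else
        echo "port $1: NOT listening"
    fi
}

# 443 appears as a substring in three sample lines but has no listener;
# 4500 is bound for UDP only, so it is not reported as a TCP listener.
for port in 22 443 9443 4500; do
    check_port "$port"
done
```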
On the SteelHead:
• Enter the show ocd connections command. It should list the port number as Auth Port and Status “Connected.”
• To ensure registration is successful, enter these commands:
amnesiac # show scc
amnesiac # show cmc
Connecting to the SCC Management Console
To connect to the Management Console, you must know the host, domain, and administrator password that you assigned in the configuration wizard.
Cookies and JavaScript must be enabled in your web browser.
Before you begin, clear your browser cache and cookies to ensure the user interface displays correctly.
To connect to the SCC Management Console
1. Enter the URL for the SCC in the location box of your browser:
<protocol>://<host>.<domain>
<protocol> is http or https. HTTPS uses the SSL protocol to provide a secure connection. When you connect using HTTPS, you’re prompted to inspect and verify the SSL certificate. This is a self-signed certificate used to provide encrypted web connections to the SCC.
<host> is the IP address or hostname you assigned the SCC during initial configuration. If your DNS server maps the IP address to a name, you can specify the DNS name.
<domain> is the full domain name for the SCC.
The SCC Sign In page appears.
2. In the text box, specify the user login: admin, monitor, a login from a RADIUS or a TACACS+ database, or a previously configured role-based management (RBM) account.
The default login is admin. Users with administrator privileges can configure and administer the SCC. Users with monitor privileges can view SCC reports but they can’t configure the system.
3. In the Password text box, specify the password you assigned in the configuration wizard of the SCC.
The SCC is shipped with “password” as the default password.
4. Click Log In to display the dashboard.