Firewall Settings
Firewalls between TSA and the discovery devices might prevent a complete and successful discovery from occurring.
In cases where it is necessary to traverse a firewall, ports must be opened in the firewall, depending on the type of device you want to discover. Typically port 22 (SSH) and port 161 (SNMP) must be opened. Refer to the following table for additional port requirements for specific device types.
If you modify the default settings in the Discovery Connection Settings → Legacy Protocols page, some devices cannot be discovered.
- If Telnet is turned off, IBM® TS3494 and TS3953 tape library devices cannot be discovered. Other devices might not be discovered if SSH is not active on that device.
- If SMB1 is turned off, Windows® devices that do not have WINRM enabled cannot be discovered. WINCOR™ ATM devices cannot be discovered at all.
- If HTTP is turned off, some devices (like the TS3100, TS300, and TS3310) cannot be discovered at all. Other devices (such as the IBM TS3500 cannot be discovered if TSA cannot connect through HTTPS.
- If discovery of DS6000 or DS8000 devices using port 1750 is disabled, any device that has not enabled port 1751 (HTTPS) cannot be discovered.
- Some DS3000, DS4000, or DS5000 devices cannot be discovered if discovery without user credentials is disabled.
| Discovery Endpoint | Ports | Interface or Protocol |
|---|---|---|
| Numerous | 161 | SNMP |
| Storage Devices | ||
| DS6000 / DS8000 | 1750 (HTTP) or 1751 (HTTPS) | DSCLI |
| DS3000 / DS4000 / DS5000 | 2463 | SMCLI |
| XIV | 7778 | XCLI |
| nSeries or NetApp | 22 or 23 | SSH or Telnet |
| SVC or V7000/V3700 | 22 | SSH |
| V7000 Unified | 22 | SSH |
| IBM TS3100 or TS3200 | 80 | HTTP |
| IBM TS3310 | 80 | HTTP |
| IBM TS3500 | 443 or 80 | HTTPS or HTTP |
| IBM TS4300 | 3031 | HTTPS (on port 3031) |
| IBM TS4500 | 443 or 80 | HTTPS or HTTP |
| IBM TS7700 | 443 or 80 | HTTPS or HTTP |
| IBM TS3494, TS3953 | 23 | Telnet |
| IBM ProtecTier | 22 | SSH |
| HP Storage | 22 or 23 | SSH or Telnet |
| IBM Flash System, v9000 | 22 | SSH |
| EMC Corporation Storage - Clarion, VNX, or VMAX |
427 HTTPS or HTTP |
SLP, HTTPS, or HTTP |
| EMC Corporation Storage - EMC Data Domain | 22 | SSH |
| IBM Cloud Object Storage | 443 | HTTPS |
| Operating Systems and Hosts | ||
| FSM | 22 or 23 | SSH or Telnet |
| CMM | 22 or 23 | SSH or Telnet |
| AMM | 22 or 23 | SSH or Telnet |
| HP Proliant Blade Server through HP OnBoard Administrator | 22 or 23 | SSH or Telnet |
| IMM and IMM2 | 22 or 23 | SSH or Telnet |
| HP iLO for the HP Integrity / HP 9000 servers | 22 or 23 | SSH* or Telnet |
| Dell iDRAC | 22 or 23 | SSH or Telnet |
| ATM devices (Wincor) | 445 | SMBv1 |
| Network Devices | ||
| Brocade | 161, 22 or 23 | SNMP, SSH, Telnet |
| IBM b-type Storage Area Network (SAN) switches | 22 or 23 | SSH, Telnet |
| Cisco | 161 or 22 or 23 | SNMP, SSH, Telnet |
| BNT | 22 or 23 | SSH or Telnet |
| Juniper | 22 or 23 | SSH or Telnet |
| QLogic | 22 or 23 | SSH* or Telnet |
| Fortinet (FortiOS) | 22 or 23 | SSH or Telnet |
| Palo Alto Networks (PAN-OS) | 443 | HTTPS |
| F5 Big-IP (TMOS) | 22 or 23 | SSH or Telnet |
| Check Point | 22 or 23 | SSH or Telnet |
| Operating Systems or Server Platforms | ||
| HMC | 22 | SSH |
| VIOS | 22 | SSH |
| AIX | 22 | SSH |
| Linux® | 22 | SSH |
| Windows® | 445 | SMBv1 |
| VMware vCenter® | 443 | HTTPS |
| VMware ESXi® | 443, 5989 | HTTPS |
| IVM | 22, 23 | SSH or Telnet |
| IBM i® | 22 | SSH |
| SUN | 22 | SSH |
| TSA supports only SSH v1 for the devices that are marked by SSH*. | ||