About security levels in Unitrends 9

SUMMARY

With the release of the UI for 9.0 CentOS 6 based appliances, the below described feature is only available from the legacy UI interface. These instructions assume you are using the Recovery Console. To Access the Recovery console from the Satori UI, select the gear icon near the top right of your screen and select “Open Legacy interface” which will then open in a new tab.

ISSUE

Notice:  With the release of the UI for 9.0 CentOS 6 based appliances, the below described feature is only available from the legacy UI interface.  These instructions assume you are using the Recovery Console.  To Access the Recovery console from the Satori UI, select the gear icon near the top right of your screen and select “Open Legacy interface”  which will then open in a new tab. 
 
By default, the security level on the system is set to No Security. This allows all ports to remain open. The administrator can choose the level of security desired on a particular system. Security levels can be set by selecting Settings > Clients, Networking, and Notifications > Ports and are categorized as:

  • No Security
  • Low Security
  • Medium Security
  • High Security
 
To access the system using medium security
When using medium security, access the Administrator Interface by entering https://<System_IP_address>/recoveryconsole/ as the browser address.
 
Access context-sensitive help by directing the browser to
https://<System_IP_Address>/recoveryconsole/help/main_menu.html.
 
Answer yes to any warning messages received.
 
To access the system using high security
When high security is enabled, the system can only be accessed using a KVM or directly attached monitor, keyboard, and mouse for physical systems, or from the VM console for virtual systems. You have access to the system console only. There is no way to access the Administrator Interface to view functions (such as backups, archives, and replication) or make changes to any system settings.
 
To disable high security
  1. Connect to the system console.
    • For physical systems, connect using a KVM or directly attached monitor, keyboard, and mouse.
    • For Unitrends Enterprise Backup for Hyper-V, launch Hyper-V Manager, select the Unitrends VM, and click Connect.
    • For Unitrends Enterprise Backup for VMware, connect to the Unitrends VM using the VMware vSphere Client, VMware Player, or VMware Workstation.
  2. In the Console Interface, enter 3 in the Please enter choice field.
  3. On the Firewall Security Level screen, enter 1, 2, or 3 in the Please enter choice field to change security level to None, Low, or Medium.

Open ports and security levels
The ports open for each security level are listed in the table below. Additionally, in the General Configuration section of the Settings interface (Settings > System, Updates, and Licensing > General Configuration > Configuration Options), there is a field named dataport_count. This field represents the number of TCP ports allowed to be opened for data transfer. This value includes the control value and four additional ports to determine the actual port numbers from which to select. When any level of security is enabled, the control value is 1745. The default number of additional ports added to 1745 is four. When configuring a firewall (using a security setting and a dataport count of five), ports 1745 through 1749 should be opened between the system and the clients the system protects.
 
NOTE: About replication and vaulting. Port 1 must be open during the initial configuration of replication or legacy vaulting. During replication or vaulting setup, if you configure a secure tunnel using OpenVPN (the recommended configuration), port 1194 is used for all communication between the source and target (or vault) systems. If you do not configure a secure tunnel using OpenVPN, ports 1743,1745 and 5432 are required for managing a system from the replication target or vault. Additionally, if you do not configure a  secure tunnel using OpenVPN, port 80 is used for replication and port 22 for vaulting. The necessary ports must be open in the firewall for management of the system from the replication target or vault. For more details, see KB 3372

Security LevelPorts OpenUsage
Low1Replication or legacy vaulting setup
22Secure shell
80HTTP web access
139Samba share
161SNMP
443Secure HTTP web access
445CIFS
873Rsync
8883ware web access
1194OpenVPN*
1743Extended Internet daemon
1744Extended Internet daemon
1745Extended Internet daemon
1746Extended Internet daemon
1747Extended Internet daemon
1748Extended Internet daemon
1749Extended Internet daemon
2049Network file system
3260iSCSI
4970Postgres database access
5432Postgres database access
5801VNC (Java) access
5900VNC access
5902VNC access
6001VNC HTTP web access
10000NDMP
Security LevelPorts OpenUsage
Medium1Replication or legacy vaulting setup
22Secure shell
39Samba share
443Secure HTTP web access
445CIFS
1194OpenVPN*
1743Extended Internet daemon
1745Extended Internet daemon
1746Extended Internet daemon
1747Extended Internet daemon
1748Extended Internet daemon
1749Extended Internet daemon
4970Postgres database access
5432Postgres database access
3260iSCSI
10000NDMP
Security LevelPorts OpenUsage
High1743Extended Internet daemon
1745Extended Internet daemon
1746Extended Internet daemon
1747Extended Internet daemon
1748Extended Internet daemon

level Ports open Usage
122 *OpenVPN by default should be configured on port 1194.  In some cases, including when working with Unitrends Cloud, this port may be a different port number.  Security levels are not supported to be enabled if Replication or Vaulting is used over openVPN on non-standard ports as this will prevent OpenVPN connections. 
 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us