Ports used by SteelConnect CX for Inbound, Outbound and SSH connections.
Ports used by SteelConnect CX
Categories:
Solution Number:
S28011
Last Modified:
2021-09-29
Issue
Solution
Outbound Connections:
| Service | Protocol | Port(s) | Destination |
| DNS | udp/tcp | 53 | any |
| NTP | udp | 123 | any |
| HTTP redirect for Portal | tcp | 80 | any |
| Uplink IP Reflector | tcp | 80 | rfl.x.riverbed.cc |
| SteelConnect Manager/Core Server | tcp | 443 | core.ocedo.cc / core.riverbed.cc |
| Portal | tcp | 80/443 | <hostname>.ocedo.cc -or- <hostname>.riverbed.cc |
| Configuration and API | tcp | 3900 | <hostname>.ocedo.cc -or- <hostname>.riverbed.cc |
| Tunneled SSH | tcp | 3901 | <hostname>.ocedo.cc -or- <hostname>.riverbed.cc |
| Reporting | tcp | 3902 | <hostname>.ocedo.cc -or- <hostname>.riverbed.cc |
| SDWAN Controller | tcp | 3904 | <hostname>.ocedo.cc -or- <hostname>.riverbed.cc |
| Reporting | tcp | 3905 | <hostname>.ocedo.cc -or- <hostname>.riverbed.cc |
| Uplink Monitoring | icmp | any | |
| SteelHead-SD, 2030 and 5030 - Firmware download | tcp | 80/443 | download.riverbed.com |
| SteelHead-SD, 2030 and 5030 - Licensing Server | tcp | 80/443 | licensing.riverbed.com api.licensing.riverbed.com |
Inbound/Outbound Connections:
| Service | Protocol | Port(s) | Destination |
| AutoVPN SDI | udp | 500/4500 | any |
| AutoVPN SH-SD/2030 |
udp | 500/4500 (configurable) |
any |
| AutoVPN 5030 |
udp | 500/4501-4506 (configurable) |
Uplink public IP |
Tunneled SSH Client Connections:
| Service | Protocol | Port(s) | Destination |
| SSH Proxy | tcp | 3903 | <hostname>.ocedo.cc or <hostname>.riverbed.cc |
Ports needed for troubleshooting (System Dump upload & manual log copy):
| Service | Protocol | Port(s) | Destination |
| Riverbed FTP | tcp | 21 | ftp.riverbed.com |
| Riverbed SFTP | scp/sftp | 22 | sftp1.riverbed.com |
NOTE:
<hostname> should be the same as appears in the URL for the SteelConnect Manager. If your SteelConnect Manager is testcompany.riverbed.cc then you should use testcompany for <hostname>
API port is listed as port 3900. In most cases it is 3900. This can be verified by doing a DNS query for _cc._tcp.<hostname>.riverbed.cc.
_cc._tcp.<hostname>.riverbed.cc SRV service location:riverbed
priority = 10
weight = 10
port = 3900
svr hostname = <hostname>..cc
Where port equals the port number that should be used for API port.
VPN port numbers can be configured in the SteelConnect Manager under Network Design -> Sites and then selecting a particular site and clicking on the WAN/AutoVPN tab, going to the AutoVPN advanced settings section and changing the AutoVPN Port to a different port number.
The HTTP redirect for Portal TCP port 80 is required to allow the TCP three way handshake to complete. Once that has completed, portal will send a redirect to the client. The client will not actually exchange any HTTP data with the external site. Additionally, it should be the MGMT zone IP of the appliance in question that goes external. So in the strictest sense, the source need not be all client IPs, but only the IPs of the Appliance MGMT zone IPs.
Environment
SteelConnect CX Ports
Related Bugs
Attachments
Related Files
NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.
Can't find an answer? Create a case