In order to allow remote support and management, 
VMWare integration and snapshot replication, SynetoOS uses a set of TCP ports.


Inbound Ports

SynetoOS 5 does not need any ports opened from the internet towards the appliance to have a functioning support tunnel when enabled and access to software updates. 

You need to setup port forwarding only when configuring snapshot replication between two HYPER appliances in different locations and you are not using VPN between the two sites.


Outbound Ports 

To provide the basic range of features, SynetoOS 5 must be allowed to connect to the ports and destinations listed below.


Port

Destination

Description

443 TCP

34.154.214.5 / proxy.t.syneto.eu

Syneto Support Services

50052 TCP

34.154.23.138 / central.backend.syneto.eu 

For grpc protocol that connects to the following destination url(s):

  1. licensing service:

/licensing.Service/Activate
/licensing.Service/GetLicensingDetails

2. monitoring service:

/monitoring.Service/Configure
/monitoring.Service/Destroy
/monitoring.Service/Setup

3. sync service:

/sync.Service/GetAccountDetails

4. user event service:

/user_event.Service/Receive
443 TCP35.204.93.231 / sync.cloud.syneto.eu
Licensing & synchronization service

443 TCP

34.154.23.138 / central.api.syneto.eu

for the Syneto support tunnels

50052 TCP

34.154.23.138 / central.iam-auth.syneto.eu

for authentication of the Central user

443 TCP

34.141.128.6 / harbor.syneto.eu

for pulling the latest cluster container images

443 TCP

35.219.226.134 / yum.syneto.eu 

for downloading rpm packages



IPMI Ports
TCP Ports: 80, 443, 5901, 5900, 5120, 5123
UDP Ports: 623



For the full range of features include the list below of outgoing ports and destinations from SynetoOS 5 towards the internal network.


PortDestination / ServicesDescription
25 TCPEmail serverAllows SynetoOS to send email alerts to administrators. Required if the email server supports this port
465 TCPEmail serverAllows SynetoOS to send email alerts to administrators. Required if the email server supports this port
587 TCPEmail serverAllows SynetoOS to send email alerts to administrators. Required if the email server supports this port
53 UDPDNS serverAllows hostname resolution
123 UDPNTP serverAllows access to network time protocol (NTP) servers for time synchronization
902 TCPVMware ESXi hostsAllows network block device (NBD) data transfers from an external VMware ESXi host and a Syneto appliance (eg: for VM migrations)
111, 968, 2049, 4045 TCPNFSUsed for sharing datastores to ESXi hosts.
9000-9099 TCPReplication
One port opened temporarily for each non-encrypted snapshot replication.
Port is closed after a snapshot is received. These ports cannot be NATed, or you have to NAT all of them one-to-one on your gateway.
22 TCP HYPER appliance / ReplicationAllows SynetoOS to send replicas to another HYPER appliance
443 TCPHYPER appliance / ReplicationAllows SynetoOS to send replicas and orchestrate another HYPER appliance