In order to allow remote management,
VMWare integration and snapshot replication, SynetoOS uses a set of TCP ports.
Inbound Ports
SynetoOS does not need any ports opened from the internet towards the appliance to have a functioning support tunnel when enabled and access to software updates.
You need to setup port forwarding only when configuring snapshot replication between two Syneto appliances in different locations and you are not using VPN between the two sites.
Outbound Ports
To provide the basic range of features, SynetoOS should be allowed to connect to the ports and destinations listed below
| Port | Destination | Description | Service |
| 22 TCP | a. syneto.eu b. Other Syneto appliances c. central.syneto.eu d. central.api.syneto.eu e. files.syneto.eu f. stc-0.syneto.eu g. stc-1.syneto.eu h. stc-2.syneto.eu i. stc-3.syneto.eu j. stc-4.syneto.eu k. stc-5.syneto.eu l. stc-6.syneto.eu m. stc-7.syneto.eu | Required for Syneto Remote Support tunnel Required for snapshot replication to other Syneto appliances | SSH Secure Shell service allows you to connect to the CLI management interface. It is also used for secure snapshot replication. |
| 80 TCP | pkg.syneto.eu | Required for SynetoOS software updates | HTTP / Web Server Allows accessing the management with an http:// prefix. Redirects immediately to https:// for security reasons. |
| 443 TCP | a. pkg.syneto.eu b. central.syneto.eu c. central.api.syneto.eu d. files.syneto.eu e. VMware ESXi host(s) f. VMware vCenter g. stc-0.syneto.eu h. stc-1.syneto.eu i. stc-2.syneto.eu j. stc-3.syneto.eu k. stc-4.syneto.eu l. stc-5.syneto.eu m. stc-6.syneto.eu n. stc-7.syneto.eu | Required for SynetoOS software updates Required for Syneto Remote Support tunnel SerenITy service & other hybrid cloud services delivered via Syneto Central platform Uploading support files using the support-upload CLI command Connections to other ESXi hosts, running VMs on other ESXi hosts Querying information about virtual machines | HTTPS / Web Server Web Management Interface. |
IPMI Ports
TCP Ports: 80, 443, 5901, 5900, 5120, 5123
UDP Ports: 623
ESXi Ports
"The vSphere Client and the VMware Host Client allow you to open and close firewall ports for each service or to allow traffic from selected IP addresses.
ESXi includes a firewall that is enabled by default. At installation time, the ESXi firewall is configured to block incoming and outgoing traffic, except traffic for services that are enabled in the host's security profile. For the list of supported ports and protocols in the ESXi firewall, see the VMware Ports and Protocols Toolâ„¢ at https://ports.vmware.com/. ..."
See more details on the official documentation: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-171B99EA-15B3-4CC5-8B9A-577D8336FAA0.html
For full range of features also include the bellow list of ports and destinations
| Port | Destination/ Services | Description |
| 25 TCP | Email server | Allows SynetoOS to send email alerts to administrators. Required if the email server supports this port |
| 465 TCP | Email server | Allows SynetoOS to send email alerts to administrators. Required if the email server supports this port |
| 587 TCP | Email server | Allows SynetoOS to send email alerts to administrators. Required if the email server supports this port |
| 53 UDP | DNS server | Allows hostname resolution |
| 123 UDP | NTP server | Allows access to network time protocol (NTP) servers for time synchronization |
| 902 TCP | VMware ESXi hosts | Allows network block device (NBD) data transfers from an external VMware ESXi host and a Syneto appliance (for VM migrations or Chronos) |
| 3260 TCP | iSCSI targets | Allows for iSCSI data transfers |
| 111, 968, 2049, 4045 TCP | NFS | Used for sharing datastores to ESXi hosts. |
| 137,138 TCP | SMB | Used for SMB sharing. |
| 548 TCP | AFP | Used for AFP sharing. |
| 2003, 2004, 7002 | carbon_cache | Used for Analytics. |
| 5353 UDP | mdnsd | DNS resolver. Used to resolve host names. |
| 11211 | memcached | Used by the Web Management Interface to cache various data in the memory. |
| 9000-9099 TCP | mbuffer | One port opened temporarily for each non-encrypted snapshot replication. Port is closed after a snapshot is received. These ports cannot be NATed, or you have to NAT all of them one-to-one on your gateway. |