098-00720-000 Revision D1 – February, 2018 SyncServer 600 Series User’s Guide 331
Appendix E IP Port Details
In This Appendix
Ethernet Port Isolation
Management Port Rules
Timing Port Rules
Ethernet Port Isolation
The SyncServer S600 Series Network Time Servers have four Ethernet ports.
These independent ports allow the SyncServer to connect to distinct Ethernet
subnets. There is only one CPU in the SyncServer, so all of the Ethernet traffic, with
the exception of the NTP Reflector, is ultimately handled by the protocol stack of the
operating system.
The SyncServer uses the operating system IP packet filtering facilities to secure the
SyncServer from unwanted access. The SyncServer also creates rules to filter IP
packets based on the pre-assigned role of each Ethernet port. The SyncServer
assigns different roles to the Ethernet ports. The LAN1 port serves the distinction of
being the management port. The other ports serve as timing ports only. Each role is
defined as the set of supported protocols allowed for that Ethernet port. By default,
the SyncServer is configured to reject all TCP/UDP IP packets.
Management Port Rules
The management port allows the following types of IP packets:
HTTP: inbound and outbound TCP packets on port 80
HTTPS: inbound and outbound TCP packets on port 443
SNMP: inbound and outbound UDP packets on port 161
SSH: inbound and outbound packets TCP on port 22
NTP: inbound and outbound UDP packets on port 123
The management port uses the following types of IP packets, but the ports do not
show as open on a port scanner:
SMTP: inbound and outbound TCP packets on port 25
To Next Page
Loading...
