NetApp Knowledge Base

Which ports are needed to run Virus Scan / FPolicy through a firewall?

Category:
data-ontap-8
Specialty:
nas

Applies to

  • Data ONTAP 7 and earlier

Answer

Warning: Consider your motivation for placing a firewall in this path in light of the following:

By definition, the Vscan service needs to be part of the Backup Operator group. That makes the scan host the only system that has unfiltered and unchecked access to ALL files stored on the attached filers. If you put your Vscan server behind a firewall because of a potential threat (e.g. a service sharing the same hardware/OS is connected to the Internet), you might consider splitting the Vscan host off to a separate system to prevent extensive damage after a security breach.

It is not recommended to run Vscan or FPolicy through a firewall, as this might add latency to the service and slow down client access.

For FPolicy or Vscan to function properly, the following ports need to be open on the firewall for Data ONTAP 7-Mode releases:

Direction: Filer (ANY) -> Vscan / FPolicy Server

  • NETBIOS Name Service (TCP:137)
  • NETBIOS Datagram Service (TCP:138)
  • NETBIOS Session Service (TCP:139)
  • SMB over IP (TCP:445)
  • HTTP (TCP:80)
  • HTTPS (TCP:443)

Direction: Filer <- Vscan / FPolicy Server (ANY)

  • NETBIOS Name Service (TCP:137)
  • NETBIOS Datagram Service (TCP:138)
  • NETBIOS Session Service (TCP:139)
  • SMB over IP (TCP:445)
  • HTTP (TCP:80)
  • HTTPS (TCP:443)

Additional ports may need to be opened from the filer to its Active Directory domain controller for the purpose of authenticating the Windows service account running the Vscan or FPolicy software.
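The following is an added example, not NetApp code: it audits an exported list of firewall allow rules against the port table above, reporting required filer/scan-server flows that no rule permits and rules that open those flows to more than the two hosts. The rule format `(source CIDR, destination CIDR, TCP port)`, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Destination TCP ports from the table above; the same list applies in both directions.
PORTS = (137, 138, 139, 445, 80, 443)

# Constructed sample addresses (documentation range), not taken from the article.
FILER, SCANNER = "192.0.2.10", "192.0.2.20"

def required_flows(filer, scanner):
    """Every (src, dst, tcp_port) flow the table calls for, in both directions."""
    return [(s, d, p) for s, d in ((filer, scanner), (scanner, filer)) for p in PORTS]

def _covers(rule, flow):
    """True if the allow rule (src_cidr, dst_cidr, port) permits the given flow."""
    (rs, rd, rp), (s, d, p) = rule, flow
    return (rp == p
            and ipaddress.ip_address(s) in ipaddress.ip_network(rs)
            and ipaddress.ip_address(d) in ipaddress.ip_network(rd))

def audit(rules, filer, scanner):
    """Return (missing, too_broad) for a list of allow rules.

    missing:   required flows that no rule permits
    too_broad: rules that permit a required flow but match more than one
               source or destination address, so other hosts can also reach
               the filer or the scan server on that port
    """
    rules, flows = list(rules), required_flows(filer, scanner)
    missing = [f for f in flows if not any(_covers(r, f) for r in rules)]
    too_broad = [
        r for r in rules
        if any(_covers(r, f) for f in flows)
        and max(ipaddress.ip_network(r[0]).num_addresses,
                ipaddress.ip_network(r[1]).num_addresses) > 1
    ]
    return missing, too_broad

# Constructed rule set: HTTPS towards the filer was forgotten, and SMB towards
# the filer is open to the whole subnet instead of the scan server alone.
SAMPLE_RULES = (
    [(FILER, SCANNER, p) for p in PORTS]
    + [(SCANNER, FILER, p) for p in (137, 138, 139, 80)]
    + [("192.0.2.0/24", FILER, 445)]
)

if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE_RULES, FILER, SCANNER)
    print("missing flows:", missing)
    print("over-broad rules:", too_broad)
```
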

Additional Information

For clustered Data ONTAP firewall configuration, see the relevant articles for FPolicy and Vscan.
NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.