HPE OneView
1748237 Members
3693 Online
108759 Solutions
New Discussion

Open ports on HPE Oneview 3

 
SOLVED
Go to solution
Rick Drake
Occasional Contributor

Open ports on HPE Oneview 3

We are required to document open ports and reason they are open on appliances in our secure network.  We ran a port scan on Oneview and found about 185 open ports.  Is there documentation somewhere that I am not finding that lists these ports and what they are used for?  And is there a way to turn off unused ports on the appliance?

 

Rick Drake

 

9 REPLIES 9
ChrisLynch
HPE Pro

Re: Open ports on HPE Oneview 3

All required ports are documented in the HPE OneView User Guide located in the Enterprise Information Library.  Please review the table on Page 76.  No, ports that are open and required cannot be closed or "turned off".


I am an HPE employee

Accept or Kudo

Rick Drake
Occasional Contributor

Re: Open ports on HPE Oneview 3

Actually not referring to the required ports.  Our port scan for example shows ports 9, 14, 18, 89, 92, 96 etc open on the appliance.  As well as many more.  These are ports that are not on the required list.  For our security purposes we have to be able to document what they are open for or that they can not be attached to for programtic updates in any way.  Government required security is always fun.

ChrisLynch
HPE Pro

Re: Open ports on HPE Oneview 3

What tool are you using to "detect" open ports?


I am an HPE employee

Accept or Kudo

ChrisLynch
HPE Pro

Re: Open ports on HPE Oneview 3

I would really like to know what tool you used to scan for open ports.  I just tested using Nmap 7.40 to scan a 3.00.05 appliance, and only the following ports were "open":

  • 22/TCP (Service access, controlled by user accounts in OneView application, not general purpose SSH)
  • 80/TCP (Redirects to 443)
  • 443/TCP (Main UI and REST API interface)
  • 5989/TCP (CIMOM service, need to find out why this port is open, could be part of the Storage Management feature we introduced in HPE OneView 1.10)
  • 5671/TCP (RabbitMQ SCMB/MSMB)
  • 123/UDP (NTP)
  • 162/UDP (SNMP Trap service)

There were other ports "open", but it is a side affect of trying to scan UDP ports.

 


I am an HPE employee

Accept or Kudo

Rick Drake
Occasional Contributor

Re: Open ports on HPE Oneview 3

As best I can determine the product they are using is called QRadar.

 

ChrisLynch
HPE Pro
Solution

Re: Open ports on HPE Oneview 3

Our port scan for example shows ports 9, 14, 18, 89, 92, 96 etc

I can tell you that those ports are indeed NOT open on the appliance.  I would ask that you and your customer reach out to IBM (which I believe owns the QRadar product) on how to resolve these false positives.


I am an HPE employee

Accept or Kudo

Rick Drake
Occasional Contributor

Re: Open ports on HPE Oneview 3

Thank you I will pass that on to the team.

 

Rick Drake

 

mustafa2
Occasional Visitor

Re: Open ports on HPE Oneview 3

Port 80 is a nonsecure port, is there a way to disable it or change it to 8080?

I am using  OneView  6.60.02-0467825

I know it is required for redirection but our cyber security team is asking to disable it

ChrisLynch
HPE Pro

Re: Open ports on HPE Oneview 3

Unfortunately, there is no ability to close port 80 on the appliance.  As you stated, it does support redirection for clients attempting to connect to port 80, but it also rejects non-secure connection attempts to the appliance.  All unauthorized and authorized connect attempts to port 80 are rejected.


I am an HPE employee

Accept or Kudo