Community
HPE OneView

Open ports on HPE Oneview 3

 
SOLVED
Go to solution
Rick Drake
Occasional Contributor

‎03-28-2017 04:28 AM

‎03-28-2017 04:28 AM

Open ports on HPE Oneview 3

We are required to document open ports and reason they are open on appliances in our secure network.  We ran a port scan on Oneview and found about 185 open ports.  Is there documentation somewhere that I am not finding that lists these ports and what they are used for?  And is there a way to turn off unused ports on the appliance?

 

Rick Drake

 

0 Kudos
Reply
7 REPLIES 7
ChrisLynch
HPE Pro

‎03-28-2017 11:10 AM - edited ‎03-28-2017 11:11 AM

‎03-28-2017 11:10 AM - edited ‎03-28-2017 11:11 AM

Re: Open ports on HPE Oneview 3

All required ports are documented in the HPE OneView User Guide located in the Enterprise Information Library.  Please review the table on Page 76.  No, ports that are open and required cannot be closed or "turned off".


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
Rick Drake
Occasional Contributor

‎03-28-2017 01:21 PM

‎03-28-2017 01:21 PM

Re: Open ports on HPE Oneview 3

Actually not referring to the required ports.  Our port scan for example shows ports 9, 14, 18, 89, 92, 96 etc open on the appliance.  As well as many more.  These are ports that are not on the required list.  For our security purposes we have to be able to document what they are open for or that they can not be attached to for programtic updates in any way.  Government required security is always fun.

0 Kudos
Reply
ChrisLynch
HPE Pro

‎03-28-2017 01:25 PM

‎03-28-2017 01:25 PM

Re: Open ports on HPE Oneview 3

What tool are you using to "detect" open ports?


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
ChrisLynch
HPE Pro

‎03-28-2017 08:46 PM

‎03-28-2017 08:46 PM

Re: Open ports on HPE Oneview 3

I would really like to know what tool you used to scan for open ports.  I just tested using Nmap 7.40 to scan a 3.00.05 appliance, and only the following ports were "open":

  • 22/TCP (Service access, controlled by user accounts in OneView application, not general purpose SSH)
  • 80/TCP (Redirects to 443)
  • 443/TCP (Main UI and REST API interface)
  • 5989/TCP (CIMOM service, need to find out why this port is open, could be part of the Storage Management feature we introduced in HPE OneView 1.10)
  • 5671/TCP (RabbitMQ SCMB/MSMB)
  • 123/UDP (NTP)
  • 162/UDP (SNMP Trap service)

There were other ports "open", but it is a side affect of trying to scan UDP ports.

 


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
Rick Drake
Occasional Contributor

‎03-29-2017 12:11 PM

‎03-29-2017 12:11 PM

Re: Open ports on HPE Oneview 3

As best I can determine the product they are using is called QRadar.

 

0 Kudos
Reply
ChrisLynch
HPE Pro

‎03-29-2017 09:25 PM

‎03-29-2017 09:25 PM

Solution

Re: Open ports on HPE Oneview 3

Our port scan for example shows ports 9, 14, 18, 89, 92, 96 etc

I can tell you that those ports are indeed NOT open on the appliance.  I would ask that you and your customer reach out to IBM (which I believe owns the QRadar product) on how to resolve these false positives.


I am an HPE employee

Accept or Kudo

0 Kudos
Reply
Rick Drake
Occasional Contributor

‎03-31-2017 06:29 AM

‎03-31-2017 06:29 AM

Re: Open ports on HPE Oneview 3

Thank you I will pass that on to the team.

 

Rick Drake

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.