We are required to document open ports and reason they are open on appliances in our secure network. We ran a port scan on Oneview and found about 185 open ports. Is there documentation somewhere that I am not finding that lists these ports and what they are used for? And is there a way to turn off unused ports on the appliance?
All required ports are documented in the HPE OneView User Guide located in the Enterprise Information Library. Please review the table on Page 76. No, ports that are open and required cannot be closed or "turned off".
Actually not referring to the required ports. Our port scan for example shows ports 9, 14, 18, 89, 92, 96 etc open on the appliance. As well as many more. These are ports that are not on the required list. For our security purposes we have to be able to document what they are open for or that they can not be attached to for programtic updates in any way. Government required security is always fun.
I would really like to know what tool you used to scan for open ports. I just tested using Nmap 7.40 to scan a 3.00.05 appliance, and only the following ports were "open":
22/TCP (Service access, controlled by user accounts in OneView application, not general purpose SSH)
80/TCP (Redirects to 443)
443/TCP (Main UI and REST API interface)
5989/TCP (CIMOM service, need to find out why this port is open, could be part of the Storage Management feature we introduced in HPE OneView 1.10)
5671/TCP (RabbitMQ SCMB/MSMB)
123/UDP (NTP)
162/UDP (SNMP Trap service)
There were other ports "open", but it is a side affect of trying to scan UDP ports.
Our port scan for example shows ports 9, 14, 18, 89, 92, 96 etc
I can tell you that those ports are indeed NOT open on the appliance. I would ask that you and your customer reach out to IBM (which I believe owns the QRadar product) on how to resolve these false positives.
