→ Applies to: SynetoOS 6.x
IMPORTANT
The specific group of firewall ports listed below should never be changed, as they are essential for the proper functioning of all SynetoOS services. Any changes to the firewall configuration that do not follow the instructions in this document may cause SynetoOS to not function properly.
SynetoOS must always remain connected to the Internet, as access to the external network is essential to ensure the correct functioning of its services. If a direct Internet connection is not possible, it is recommended to configure a proxy to allow SynetoOS to access the external network.
SynetoOS Outbound Ports (Mandatory)
The following outbound port forwarding is always necessary in SynetoOS.
| Port | Protocol | Destination | Description |
| 443 | TCP & UDP |
34.154.214.5 / proxy.t.syneto.eu |
Support services |
| 443 | TCP & UDP |
35.204.93.231 / sync.cloud.syneto.eu |
Licensing and synchronization services |
| 443 | TCP & UDP |
34.154.23.138 / central.api.syneto.eu |
Support tunnels |
| 443 | TCP & UDP |
34.141.128.6 / harbor.syneto.eu |
Latest cluster container images pulling |
| 443 | TCP & UDP |
35.157.184.188 / yum.syneto.eu |
TPM packages downloading |
| 443, 50052 | TCP & UDP |
34.154.23.138 / scr.syneto.eu |
Central services |
| 50052 | TCP & UDP |
34.154.23.138 / central.backend.syneto.eu |
gRPC protocol connection to the following services
1. Licensing service
2. Monitoring services
3. Synch service
4. User event service
|
| 50052 | TCP & UDP |
34.154.23.138 / central.iam-auth.syneto.eu |
Central authentication |
| 443 | TCP & UDP | storage.googleapis.com | Download additional tools |
IPMI Outbound Ports (Mandatory)
The following ports must be opened for outbound connections on IPMI.
TCP: 80, 443, 5901, 5900, 5120, 5123
UDP: 623
SynetoOS Internal Ports (Mandatory)
The following ports must be opened on the internal network.
| Port | Protocol | Destination / Service | Description |
| 25, 465, 587 | TCP | Email server | Allows SynetoOS to send email alerts to administrators. Required if the email server supports this port. |
| 53 | TCP and UDP | DNS server | Hostname resolution |
| 123 | UDP | NTP server | NTP synchronization |
| 902 | TCP | VMware ESXi hosts | Allows network block device (NBD) data transfers from an external VMware ESXi host and a Syneto appliance (for VM migrations or Chronos) |
| 111, 968, 2049, 4045 | TCP | NFS | Datastore sharing to ESXi hosts |
| 9000-9099 | TCP | mbuffer | Any port (one port) in the range, to be opened temporarily for each non-encrypted snapshot replication. After the snapshot is received the port can be closed. These ports cannot be NATed, or you have to NAT all of them one-to-one on your gateway. |