Network Management

Hi,
we noticed a strange issue today with iMC, configured to take backups of our switches on a second location, connected to our HQ via VPN. The iMC runs on a virutal server in the HQ. 

Now, if we want to backup our local switches, that works completely fine because we allow any to any from the iMC server into the management network. For the remote office, we allowed SMTP, FTP, TFTP, syslog and SSH. Now if I want to take a backup of a remote switch, I dont only get the TFTP ports shown in the log, but everytime we try a number of random destination ports in the portrange of 20xxx to 50xxx. 

What is the server trying to connect to, and why? A manual backup to TFTP via SSH directly on the switch to PumpKIN FTP running on the iMC server didnt work either. For testing, we switched to any*any from iMC server > remote network, leaving the policies for remote network > iMC server as is (only syslog, FTP, TFTP, SSH and SMTP). Now the backup works, and we dont get the strange random ports in the firewall log? 

Is there a list of what ports iMC actually uses, or any settings to define them? I found one article from HPE regarding the ports, but none of those random ports we saw was mentioned in there. 


------------------------------
WhiteHelix
------------------------------

Hello there,

There is a table in the Release notes for every version  called TCP port usage. You can check it here:

https://support.hpe.com/hpesc/public/docDisplay?docId=a00118145en_us

Kind regards,

------------------------------
Marina Milenkova
------------------------------

Original Message:
Sent: Feb 23, 2022 07:34 AM
From: Daniel Gotteswinter
Subject: iMC using random ports for TFTP backup

Hi,
we noticed a strange issue today with iMC, configured to take backups of our switches on a second location, connected to our HQ via VPN. The iMC runs on a virutal server in the HQ. 

Now, if we want to backup our local switches, that works completely fine because we allow any to any from the iMC server into the management network. For the remote office, we allowed SMTP, FTP, TFTP, syslog and SSH. Now if I want to take a backup of a remote switch, I dont only get the TFTP ports shown in the log, but everytime we try a number of random destination ports in the portrange of 20xxx to 50xxx. 

What is the server trying to connect to, and why? A manual backup to TFTP via SSH directly on the switch to PumpKIN FTP running on the iMC server didnt work either. For testing, we switched to any*any from iMC server > remote network, leaving the policies for remote network > iMC server as is (only syslog, FTP, TFTP, SSH and SMTP). Now the backup works, and we dont get the strange random ports in the firewall log? 

Is there a list of what ports iMC actually uses, or any settings to define them? I found one article from HPE regarding the ports, but none of those random ports we saw was mentioned in there. 


------------------------------
Daniel Gotteswinter
------------------------------

Hi,

in the release notes there is unfortunately no documentation of the ports that were used by our iMC Server.

------------------------------
WhiteHelix
------------------------------

Original Message:
Sent: Mar 01, 2022 09:12 AM
From: Marina Milenkova
Subject: iMC using random ports for TFTP backup

Hello there,

There is a table in the Release notes for every version  called TCP port usage. You can check it here:

https://support.hpe.com/hpesc/public/docDisplay?docId=a00118145en_us

Kind regards,

------------------------------
Marina Milenkova

Original Message:
Sent: Feb 23, 2022 07:34 AM
From: Daniel Gotteswinter
Subject: iMC using random ports for TFTP backup

Hi,
we noticed a strange issue today with iMC, configured to take backups of our switches on a second location, connected to our HQ via VPN. The iMC runs on a virutal server in the HQ. 

Now, if we want to backup our local switches, that works completely fine because we allow any to any from the iMC server into the management network. For the remote office, we allowed SMTP, FTP, TFTP, syslog and SSH. Now if I want to take a backup of a remote switch, I dont only get the TFTP ports shown in the log, but everytime we try a number of random destination ports in the portrange of 20xxx to 50xxx. 

What is the server trying to connect to, and why? A manual backup to TFTP via SSH directly on the switch to PumpKIN FTP running on the iMC server didnt work either. For testing, we switched to any*any from iMC server > remote network, leaving the policies for remote network > iMC server as is (only syslog, FTP, TFTP, SSH and SMTP). Now the backup works, and we dont get the strange random ports in the firewall log? 

Is there a list of what ports iMC actually uses, or any settings to define them? I found one article from HPE regarding the ports, but none of those random ports we saw was mentioned in there. 


------------------------------
WhiteHelix
------------------------------