NetBotz is  a family of products for performance, security and environmental system monitoring for network closets to data centers.

Network protocol and ports

ProtocolTransfer protocolPort(s)DispositionNetworkCredentials/AccessEncryptionComments
 FTP

TCP

21

Outbound – Not configured by default

FTP traffic from the NetBotz depends on alarm policy configuration and number of alarms.

As specified in the FTP remote server settings

Not supported by FTP

 

Telnet

TCP

23

Disabled by default

Network requirements are low based on user input.

 

Not supported by Telnet

Should only be open temporarily for support reasons

SMTP

TCP

25

Outbound – Not configured by default

Network requirements are low. Email traffic from the NetBotz depends on alarm policy configuration and number of alarms occurring.

As specified in email settings

Requires STARTTLS extension

Communication with email server

DNS

UDP

53

Outbound – Not configured by default

Very limited traffic and bandwidth requirement

As specified in external system configuration

Not supported

DNS server communication

DHCP Client

UDP

68

Outbound – Enabled only when DHCP IP address acquisition is enabled

Very limited traffic and bandwidth requirement

No credentials available

Not supported by DHCP

 

HTTP

TCP (SSL)

80 (443)

Inbound (default)

Network speed of minimum 100 Mbps is recommended. Bandwidth usage between client and server heavily depends on number of discovered devices, alarm configuration and operations carried out in the client e.g. report generation.

Manual created user and password (default apc/apc) Authentication server integration support. There is no option to reset client user password. Password policy is not implemented in NetBotz. The password consists of ASCII characters.

Server and client negotiate SSL cipher type and key length

Communication from NetBotz Appliances / DCE Console/Web API and 3rd party integrations. 

NFS

TCP/UDP

111

 

Depending on system integration

As specified in external system configuration

Not supported by protocol

NFS mounted external drive

NTP

TCP

123

 

Very limited traffic and bandwidth requirement

As specified in system time settings

Depending on system integration

NTP server communication

SMB

TCP/UDP

139

 

Depending on system integration

As specified in system storage settings

Depending on system integration

SMB communication to NAS/SAN

SNMP

UDP

161

Inbound / Outbound – Enabled by default

The bandwidth needed heavily depends on number of discovered devices, polling interval configured and alarm activity in the system.

Specified in device SNMP configuration. default community string: public

SNMP v3 offer encryption as configured

Change the default community strings and avoid SNMPv1 when possible

SNMP (Trap)

UDP

162

 

The bandwidth needed heavily depends on number of discovered devices, polling interval configured and alarm activity in the system.

Specified in device SNMP configuration

SNMP v3 offer encryption as configured

SNMP Communication between discovered devices and DCE

CIFS

TCP

445

 

Depending on system integration

As specified in external system configuration

Depending on system integration

CIFS communication to NAS/SAN

ModbusTCP

TCP

502

 

The bandwidth needed heavily depends on number of discovered devices, polling interval configured and alarm activity in the system.

Not supported by ModbusTCP

Not supported by ModbusTCP

ModbusTCP Communication from Modbus Device/Gateway

Rsyslog

UDP

514

Disabled by default

Depends on configuration

Not supported by rsyslog

Not supported by rsyslog

 

Socks

 

1080

Disabled by default

Depends on traffic over HTTP and HTTPS ports

As specified by the Socks proxy server

 

 

NFS

TCP/UDP

2049

 

Depending on system integration

As specified in external system configuration

Not supported by protocol

NFS communication to NAS/SAN

Firewall Configuration

NetBotz includes an IP Filtering feature. Configure IP Filtering in Advanced View.

Cybersecurity Considerations

Where possible, all unnecessary services should be disabled (SNMP, HTTP, etc.).

Use strong encryption (AES for SNMPv3, HTTPS, etc.).

Change the default password and use passwords that are considered strong.

If SNMP is required, consider changing the V1 community strings, and do not use SNMPv1 thereafter. Use SNMPv3 instead, configured with SHA and AES-128.


 


 

Skip to end of metadata
Go to start of metadata
  • No labels
RELATED COMMUNITY QUESTIONS
WAS THIS ARTICLE HELPFUL?