- All communication is outbound from an appliance to a vault or management portal.
- No inbound ports need to be opened at a customer location.
Global Management Portal (GMP):
The following inbound TCP ports need to be NAT’d to the Global Management Portal (GMP):
- 22, 80 (for https redirect), 443, and 10,000-10,000+N where N is the number of appliances and vaults communicating with the Global Management Portal.
The following inbound TCP ports need to be NAT’d to the Vault:
- 22, 80 (if https redirect is desired), 443, 9080, and 9081.
The following TCP ports need to be open between the Replibit backup agent and the Appliance:
- 9090-9200 usually only needs to be done if the backup agent and the appliance have a firewall between them.
- 15000 internally is required for console to virtualized systems
- 860 and 3260 internally for iSCSI connection to appliance
All devices must be able to reach licensing.replibit.com and pkgmgrrepo.replibit.net on ports 80 and 443
Some firewalls/routers have very low TCP timeout settings by default. These can affect long-lived TCP connections such as the connection between the appliances and vaults to the Global Management Portal. Always set TCP timeout settings for all Replibit services to the maximum allowable on the device.
To increase the TCP timeout setting on SonicWall firewalls:
Login to your Sonicwall device
Go to the top-level menu item “Firewall”
Choose “TCP Settings”
Change the “Default TCP Connection Timeout” from its default value of 15 minutes to 720 minutes