What network ports need to be opened for Junos Space

  [KB18148]


Summary:

Users need to know which TCP and UDP ports are used when communicating with managed devices. This article lists the TCP and UDP ports that are used by Junos Space versions 11.4 and later.

Symptoms:

Users need to know the TCP/UDP ports used when communicating with the managed device; this would include device discovery as well as continued communications between the server and the device. Users also need to configure a firewall between the two, and have to make port mappings in both directions.

Cause:

Solution:

The following is a list of the required and optional open ports for Junos Space communications:

Communication between the Junos Device and Junos Space

  • TCP/7: inbound to the device management IP - (optional) Used for device discovery
  • TCP/22: inbound to the device management IP - Used to establish a NETCONF over SSH connection to the router during device discovery
  • UDP/161: inbound to the device management IP - (optional) Used to perform SNMP queries on the device during device discovery
  • TCP/7804: inbound to the Junos Space server node(s) IP - Used for devices which use the outbound SSH connection model (device initiated)
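
The device-to-Junos Space list above can be checked against a firewall allow-list. The following is an added example, not Juniper code: the one-line rule format, the documentation-range addresses and the function names are assumptions, and ports the article does not mark "(optional)" are treated as required.

```python
import ipaddress

# Device <-> Junos Space flows as listed in the article above.
MATRIX = [
    # (proto, port, source role, destination role, marked "(optional)" in the article)
    ("tcp", 7,    "space",  "device", True),   # device discovery
    ("tcp", 22,   "space",  "device", False),  # NETCONF over SSH during discovery
    ("udp", 161,  "space",  "device", True),   # SNMP queries during discovery
    ("tcp", 7804, "device", "space",  False),  # device-initiated outbound SSH
]

def parse_rule(line):
    """Parse 'allow <proto> <src-cidr> <dst-cidr> <port|lo-hi|any>' (constructed format)."""
    _, proto, src, dst, port = line.split()
    lo, hi = (0, 65535) if port == "any" else map(int, (port.split("-") * 2)[:2])
    return proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), lo, hi

def audit(rule_text, roles):
    """Return (missing, optional_closed, too_broad) for the device/Space path (IPv4 only)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in roles.items()}
    lines = [ln.strip() for ln in rule_text.splitlines() if ln.strip()]
    rules = [parse_rule(ln) for ln in lines]
    missing, optional_closed, too_broad = [], [], []
    for proto, port, src, dst, optional in MATRIX:
        covered = any(p == proto and lo <= port <= hi
                      and nets[src].subnet_of(s) and nets[dst].subnet_of(d)
                      for p, s, d, lo, hi in rules)
        if not covered:
            (optional_closed if optional else missing).append(f"{proto}/{port}")
    for line, (p, s, d, lo, hi) in zip(lines, rules):
        # A rule is tight only if it permits exactly one listed flow and nothing wider.
        tight = any(p == fp and lo == hi == fport
                    and s.subnet_of(nets[fs]) and d.subnet_of(nets[fd])
                    for fp, fport, fs, fd, _ in MATRIX)
        if not tight:
            too_broad.append(line)
    return missing, optional_closed, too_broad

# Constructed sample: documentation-range addresses, hypothetical rule export.
ROLES = {"space": "192.0.2.10/32", "device": "198.51.100.0/24"}
RULES = """
allow tcp 192.0.2.10/32 198.51.100.0/24 22
allow udp 192.0.2.10/32 198.51.100.0/24 161
allow tcp 0.0.0.0/0 192.0.2.10/32 1-1024
"""

print(audit(RULES, ROLES))
```

On the sample, the audit reports TCP/7804 as missing, the optional TCP/7 as closed, and the any-source 1-1024 rule as wider than anything the article lists.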

Direct Customer Connection from Service Now to Juniper Support Systems (JSS)

  • TCP/443: Outbound from End Customer Service Now to services.juniper.net.
  • UDP/53: Outbound from Partner Proxy Service Now to DNS for resolution of services.juniper.net (Optional - this may be locally resolved and not require an outbound DNS query)

For direct FTP upload of core files from a device to an FTP server, the device must have connectivity to the FTP server for the transfer. In addition, Service Now must have access to create a case-specific directory on behalf of the device prior to the upload.

  • TCP/21: FTP control from device to ftp.juniper.net (or specified FTP server)
  • TCP/20: FTP data transfer from device to ftp.juniper.net (or specified FTP server)

For secure mode SFTP upload of core files from a device through Service Now to an SFTP server, Service Now utilizes the existing SSH TCP/22 ports specified above, but Service Now will also require additional TCP/22 connectivity to the SFTP server.

  • TCP/22: Outbound from Service Now to sftp.juniper.net (or specified SFTP server)

End Customer Connection from Service Now to Partner Proxy Service Now

  • TCP/443: Outbound from End Customer Service Now to Partner Proxy Service Now IP address
  • UDP/53: Outbound from End Customer Service Now to DNS for resolution of services.juniper.net (Optional - this may be locally resolved and not require an outbound DNS query)

For direct FTP upload of core files from a device to an FTP server, the device must have connectivity to the FTP server for the transfer. In addition, Service Now must have access to create a case-specific directory on behalf of the device prior to the upload.

  • TCP/21: FTP control from device to partner specified FTP server
  • TCP/20: FTP data transfer from device to partner specified FTP server

For a secure mode SFTP upload of core files from a device through Service Now to an SFTP server, Service Now utilizes the existing SSH TCP/22 ports specified above, but Service Now will also require additional TCP/22 connectivity to the SFTP server.

  • TCP/22: Outbound from Service Now to partner specified SFTP server.

Partner Proxy Service Now to Juniper Support Systems (JSS)

  • TCP/443: Inbound to Partner Proxy Service Now from End Customer Service Now IP addresses
  • TCP/443: Outbound from Partner Proxy Service Now to services.juniper.net
  • UDP/53: Outbound from Partner Proxy Service Now to DNS for resolution of services.juniper.net (Optional - this may be locally resolved and not require an outbound DNS query)

For direct FTP upload of core files from a device to an FTP server, the device must have connectivity to the FTP server for the transfer. In addition, Service Now requires access to create a case-specific directory on behalf of the device prior to the upload.

  • TCP/21: FTP control from device to ftp.juniper.net (or specified FTP server)
  • TCP/20: FTP data transfer from device to ftp.juniper.net (or specified FTP server)

For a secure mode SFTP upload of core files from a device through Service Now to an SFTP server, Service Now utilizes the existing SSH TCP/22 ports specified above, but Service Now will also require additional TCP/22 connectivity to the SFTP server.

  • TCP/22: Outbound from Service Now to sftp.juniper.net (or specified SFTP server)

Administrative access to either End Customer or Partner Proxy Service Now

  • TCP/443: Inbound to the Service Now address for secure HTTPS web access to the GUI
  • TCP/22: Inbound to the Service Now address for secure command-line (CLI) access to the server
  • TCP/25: Outbound SMTP for delivery of email notifications (Optional - the notifications may not be configured, or may be sent internally)
  • UDP/161: Inbound SNMP access for remote monitoring of the device (Optional - monitoring may not be performed, or may be internally accessible)