Ports used by SEP Sesam
When using the standard configuration for SEP Sesam the following TCP ports must be open:
Server:
- stpd 11001
- remote-gui 11401
Client:
- ctrl 11301
- data 1024-65535 (can be limited with the custom ports option below)
Standard Connection Process:
- The Sesam server opens a connection to port 11301 on the client.
- The Sesam client opens a connection to port 11001 on the Sesam server (or remote device server).
- The Sesam server opens a connection to a random port above 1024 on the client.
Custom Ports for firewalled/NAT/WAN/VPN clients:
- Edit the properties of the client (Components > Topology)
- Switch to the "Options" tab
- Add 11003-11010 to specify a port range; two ports are required for each stream, and this range replaces the "data" ports (1024-65535) listed above
- Enable access to these ports from the Sesam server to the client in the client and/or edge firewall(s)
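As an added example, not code from SEP Sesam or from this page's author, the shell functions below turn the port list above into host-firewall rules for a Sesam client and check how many streams a custom range can carry (two ports per stream, as stated above). The server address 192.0.2.10, the chain names and the use of iptables are assumptions; the commands are printed for review, not executed.

```shell
#!/bin/sh
# Added example, not part of SEP Sesam: emit the host-firewall rules a Sesam
# client needs for the "Custom Ports" setup, and sanity-check the port range.
# The server address, chain names and iptables itself are assumptions here;
# the commands are printed, not executed, so you can review them first.

# sesam_streams_for_range FIRST LAST
#   Each backup stream needs two ports from the custom range, so the number
#   of concurrent streams the range supports is its width divided by two.
#   Prints that number; returns 1 if the range is too narrow for one stream.
sesam_streams_for_range() {
    width=$(($2 - $1 + 1))
    if [ "$width" -lt 2 ]; then
        echo 0
        return 1
    fi
    echo $((width / 2))
}

# sesam_client_rules SERVER_IP [FIRST LAST]
#   Prints iptables commands for the client host. With a custom range only
#   those ports are opened to the server; without one the server may connect
#   to any port above 1024 (the "data 1024-65535" entry), so that whole range
#   has to be opened instead.
sesam_client_rules() {
    server="$1"
    if [ -n "${2:-}" ] && [ -n "${3:-}" ]; then
        data_range="$2:$3"
    else
        data_range="1024:65535"
    fi
    # Server -> client control connection (ctrl 11301)
    echo "iptables -A INPUT -p tcp -s $server --dport 11301 -m conntrack --ctstate NEW -j ACCEPT"
    # Server -> client data connections (custom range, or any port above 1024)
    echo "iptables -A INPUT -p tcp -s $server --dport $data_range -m conntrack --ctstate NEW -j ACCEPT"
    # Client -> server (or remote device server) data channel (stpd 11001)
    echo "iptables -A OUTPUT -p tcp -d $server --dport 11001 -m conntrack --ctstate NEW -j ACCEPT"
    # Return traffic for the connections accepted above
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Example run (192.0.2.10 is a documentation address, not a real server):
sesam_client_rules 192.0.2.10 11003 11010
```

The rules cover the client host only; remote-gui 11401 is a server-side port used by GUI workstations and is not needed on a backup client. Note how the custom range shrinks the inbound exposure from 64512 ports to eight, which is the practical reason for configuring it on clients behind a firewall.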
SSH Alternative:
- Use ssh-keygen (as root on the backup server) to create a key pair; don't set a passphrase. By default the keys are saved as /root/.ssh/id_rsa or id_dsa (private) and the matching .pub file (public).
- To allow this key to log in, transfer the public key to /root/.ssh/authorized_keys on the machine being accessed (the client, SEP_CLIENT in the command below).
- Transfer the file with the following command, twice:
root@SEP_SERVER# scp -v /root/.ssh/id_rsa.pub root@SEP_CLIENT:/root/.ssh/authorized_keys
- The server ssh client (/etc/ssh/ssh_config) should consider Compression=Yes and CompressionLevel=6 for optimal VPN/CPU performance.
You can use multiple keys in the authorized_keys file, one on each line (note that scp to that path replaces the file, so keys already present on the client are lost unless you append instead).
After this setup you should be able to log in to the SEP server as root and ssh to the client as root without being asked for a password. Then set the client's connection method to ssh and the access option "-s" in the client properties.
"If you are asked for the password on the second attempt, there is a problem, which may be located in /etc/ssh/sshd_config as AuthorizedKeysFile=[/dev/null|/any/empty/file]"
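As an added example, not code from SEP Sesam or from this page's author, the functions below perform the key-transfer step without clobbering an existing authorized_keys (a plain scp to that path replaces the file), keep one key per line without duplicates, and check for the sshd_config condition quoted above. All file paths are parameters so the functions can be tried on a scratch directory; the key strings used in the comments are constructed, not real keys.

```shell
#!/bin/sh
# Added example, not part of SEP Sesam: merge a public key into
# authorized_keys instead of overwriting the file, and check the sshd
# setting the page names as a cause of unexpected password prompts.
# Paths are parameters; nothing here touches /root unless you pass it.

# add_authorized_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
#   Appends the key line if the same key (type + data) is not already there.
#   Returns 0 when the key is present afterwards, 1 if PUBKEY_FILE does not
#   look like an OpenSSH public key (e.g. a private key passed by mistake).
add_authorized_key() {
    pub="$1"; auth="$2"
    # A public key line starts with the key type, then the base64 key data.
    if ! grep -Eq '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) ' "$pub"; then
        echo "not an OpenSSH public key: $pub" >&2
        return 1
    fi
    mkdir -p "$(dirname "$auth")"
    [ -f "$auth" ] || : > "$auth"
    # Compare type + data only; the trailing comment (user@host) may differ.
    keydata=$(awk '{print $1" "$2}' "$pub")
    if ! awk '{print $1" "$2}' "$auth" | grep -Fxq -- "$keydata"; then
        cat "$pub" >> "$auth"
    fi
    # sshd (StrictModes) ignores keys in group/world-writable files or dirs.
    chmod 700 "$(dirname "$auth")" && chmod 600 "$auth"
}

# count_authorized_keys AUTHORIZED_KEYS_FILE
#   Number of key lines in the file ("one on each line").
count_authorized_keys() {
    grep -Ec '^(ssh-|ecdsa-)' "$1"
}

# sshd_accepts_authorized_keys SSHD_CONFIG_FILE
#   Returns 1 when AuthorizedKeysFile is pointed at /dev/null (the condition
#   quoted above), 0 otherwise. Both "key value" and "key=value" forms match.
sshd_accepts_authorized_keys() {
    if grep -Eiq '^[[:space:]]*AuthorizedKeysFile[[:space:]=]+/dev/null' "$1"; then
        return 1
    fi
    return 0
}
```

On the client this replaces the second scp: copy the .pub file somewhere temporary, then run add_authorized_key on it, and run sshd_accepts_authorized_keys against /etc/ssh/sshd_config if the server is still prompted for a password. The type-plus-data comparison means re-running the step is harmless, which matters when the same key is rolled out to many clients.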