OK, you have been tasked to configure firewall to allow ESRS server(s) to connect to EMC servers. Here is the diagram for you:
Any firewall admin, of course, will not be happy to open ports 443 and 8443 to all servers on the Internet. OK, here is the list of EMC servers’ host names, IP addresses and port numbers you need to open the connections to:
Source | Destination | IP address | Ports | |
ESRS IP Gateway Server(s) |
esrgweprd01.emc.com | 128.221.204.210 | 443 | 8443 |
esrgweprd02.emc.com | 128.221.204.211 | 443 | 8443 | |
esrgweprd03.emc.com | 128.221.204.213 | 443 | 8443 | |
esrghoprd01.emc.com | 168.159.209.11 | 443 | 8443 | |
esrghoprd02.emc.com | 168.159.209.12 | 443 | 8443 | |
esrghoprd03.emc.com | 168.159.209.13 | 443 | 8443 | |
esrgscprd01.emc.com | 137.69.120.170 | 443 | 8443 | |
esrgscprd02.emc.com | 137.69.120.171 | 443 | 8443 | |
esrgscprd03.emc.com | 137.69.120.172 | 443 | 8443 | |
esrgckprd01.emc.com | 152.62.177.11 | 443 | 8443 | |
esrgckprd02.emc.com | 152.62.177.12 | 443 | 8443 | |
esrgckprd03.emc.com | 152.62.177.13 | 443 | 8443 | |
esrgspprd01.emc.com | 152.62.45.11 | 443 | 8443 | |
esrgspprd02.emc.com | 152.62.45.12 | 443 | 8443 | |
esrgspprd03.emc.com | 152.62.45.13 | 443 | 8443 | |
esrs-core.emc.com | 128.221.192.14 | 443 | ||
esrs-coredr.emc.com | 168.159.218.21 | 443 | ||
esrs.emc.com | 128.221.192.13 | 443 | ||
esrs-dr.emc.com | 168.159.218.20 | 443 |
For the full list of ports that need to be configured for ESRS please refer to ‘Secure Remote Support IP Solution Port Requirements’ article on EMC Powerlink website. Also see Primus emc238467, “What IP addresses are used by the EMC Secure Remote Support IP Solution.” You can access this Primus at knowledgeBase.emc.com.
Home > Support > Technical Documentation and Advisories > Software ~ S ~ Documentation > Secure Remote Support > Secure Remote Support IP Solution (ESRS 2): > Installation/Configuration
UPDATE:
Although this blog post is more than three years old, it still gets a lot of hits which proves that people are still interested in firewall configuration for ESRS. Since the release of ERSR VE (see this post for details), the ESRS IP Gateway and Policy Manager are customer installable. When you configure ESRS VE, you can check if it can connect to the EMC ESRS infrastructure and reconfigure firewall rules if required.
Here is the list of Servers / IP Addresses / ports ESRS VE connects to:
Hope this help.
Hello,
How do I check if the firewall rules are met from array side. We have vmax in our environment and recently set the firewall rules for esrs implementation. How do I query the FW rules from array perspective. It can be done on GUI(unisphere)/CLI ?
Sandeep,
Array does not need to connect to the Internet. You only need to be sure that ESRS IP Gateway host(s) can connect to the array on 5114 (inbound) AND connect to ESRS infrastructure at EMC side (443/8443).
You can also test connectivity to ESRS IP Gateway(s) through Unisphere GUI: System – Service Tasks – Manage Connect Home for File. This will test if the array can send alerts to ESRS servers for them to forward them to EMC.
Hi, I cannot access the web UI for ESRS v3 after opening port 9443? Can anyone please advise as ESRS is in DMZ? Thanks.