Visitors

EMC Secure Remote Support (ESRS) firewall configuration

OK, you have been tasked to configure firewall to allow ESRS server(s) to connect to EMC servers. Here is the diagram for you:

EMC Secure Remote Support (ESRS) firewall configuration

Any firewall admin, of course, will not be happy to open ports 443 and 8443 to all servers on the Internet. OK, here is the list of EMC servers’ host names, IP addresses and port numbers you need to open the connections to:

Source Destination IP address Ports
ESRS IP Gateway
Server(s)
esrgweprd01.emc.com 128.221.204.210 443 8443
esrgweprd02.emc.com 128.221.204.211 443 8443
esrgweprd03.emc.com 128.221.204.213 443 8443
esrghoprd01.emc.com 168.159.209.11 443 8443
esrghoprd02.emc.com 168.159.209.12 443 8443
esrghoprd03.emc.com 168.159.209.13 443 8443
esrgscprd01.emc.com 137.69.120.170 443 8443
esrgscprd02.emc.com 137.69.120.171 443 8443
esrgscprd03.emc.com 137.69.120.172 443 8443
esrgckprd01.emc.com 152.62.177.11 443 8443
esrgckprd02.emc.com 152.62.177.12 443 8443
esrgckprd03.emc.com 152.62.177.13 443 8443
esrgspprd01.emc.com 152.62.45.11 443 8443
esrgspprd02.emc.com 152.62.45.12 443 8443
esrgspprd03.emc.com 152.62.45.13 443 8443
esrs-core.emc.com 128.221.192.14 443
esrs-coredr.emc.com 168.159.218.21 443
esrs.emc.com 128.221.192.13 443
esrs-dr.emc.com 168.159.218.20 443

For the full list of ports that need to be configured for ESRS please refer to ‘Secure Remote Support IP Solution Port Requirements’ article on EMC Powerlink website. Also see Primus emc238467, “What IP addresses are used by the EMC Secure Remote Support IP Solution.” You can access this Primus at knowledgeBase.emc.com.

Home > Support > Technical Documentation and Advisories > Software ~ S ~ Documentation > Secure Remote Support > Secure Remote Support IP Solution (ESRS 2): > Installation/Configuration

UPDATE:

Although this blog post is more than three years old, it still gets a lot of hits which proves that people are still interested in firewall configuration for ESRS. Since the release of ERSR VE (see this post for details), the ESRS IP Gateway and Policy Manager are customer installable. When you configure ESRS VE, you can check if it can connect to the EMC ESRS infrastructure and reconfigure firewall rules if required.

Here is the list of Servers / IP Addresses / ports ESRS VE connects to:

Host Name IP Address Ping Time(ms) Ping Status Port 443 Port 8443 Ping Channel
esrghoprd01.emc.com 168.159.209.11 4281  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrghoprd02.emc.com 168.159.209.12 4286  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrghoprd03.emc.com 168.159.209.13 4283  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgweprd01.emc.com 128.221.204.210 4288  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgweprd02.emc.com 128.221.204.211 4279  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgweprd03.emc.com 128.221.204.213 4287  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgckprd01.emc.com 152.62.177.11 4293  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgckprd02.emc.com 152.62.177.12 4278  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgckprd03.emc.com 152.62.177.13 4292  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgscprd01.emc.com 137.69.120.170 4289  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgscprd02.emc.com 137.69.120.171 4269  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgscprd03.emc.com 137.69.120.172 4292  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgspprd01.emc.com 152.62.45.11 4272  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgspprd02.emc.com 152.62.45.12 4299  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrgspprd03.emc.com 152.62.45.13 4297  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green Bypass proxy for error
esrs.emc.com 128.221.192.13 997  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green NA Through proxy
esrs-core.emc.com 128.221.192.14 847  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green NA Through proxy
esrs-dr.emc.com 168.159.218.20 1293  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green NA Through proxy
esrs-coredr.emc.com 168.159.218.21 777  ERSR VE firewall configuration - green  ERSR VE firewall configuration - green NA Through proxy

Hope this help.

3 comments to EMC Secure Remote Support (ESRS) firewall configuration

  • sandeep

    Hello,

    How do I check if the firewall rules are met from array side. We have vmax in our environment and recently set the firewall rules for esrs implementation. How do I query the FW rules from array perspective. It can be done on GUI(unisphere)/CLI ?

    • Sandeep,
      Array does not need to connect to the Internet. You only need to be sure that ESRS IP Gateway host(s) can connect to the array on 5114 (inbound) AND connect to ESRS infrastructure at EMC side (443/8443).
      You can also test connectivity to ESRS IP Gateway(s) through Unisphere GUI: System – Service Tasks – Manage Connect Home for File. This will test if the array can send alerts to ESRS servers for them to forward them to EMC.

  • Bhaskar

    Hi, I cannot access the web UI for ESRS v3 after opening port 9443? Can anyone please advise as ESRS is in DMZ? Thanks.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

  

  

  

This site uses Akismet to reduce spam. Learn how your comment data is processed.