Network settings and required ports


Overview

 

| Module/Usage | Port | Protocol | Direction | Required | Proxy possible | Changeable |
|---|---|---|---|---|---|---|
| !MC5 license validation | 8920 | TCP | outgoing | yes | no | optional usage of port 80 (selectable during online registration) |
| Update downloads | 80 | TCP | outgoing | yes | yes | no |
| TSL downloads | 80 or 443 | TCP | outgoing | no, but recommended | yes | no (depends on used TSLs) |
| CRL downloads | 80 or 443 | TCP | outgoing | no, but recommended | yes | no (depends on used certificates) |
| OCSP checks | 80 or 443 | TCP | outgoing | no, but recommended | yes | no (depends on used certificates) |
| AS2, incoming connections | 443 | TCP | incoming | yes | no | yes |
| AS2, outgoing connections | no default port | TCP | outgoing | yes | no | individual setting per partner possible |
| OFTP2, incoming connections | 6619 | TCP | incoming | yes | - | no |
| OFTP2, outgoing connections | usually 6619 | TCP | outgoing | yes | no | individual setting per partner possible |
| OFTP/TCP, incoming connections | 3305 | TCP | incoming | yes | - | no |
| OFTP/TCP, outgoing connections | usually 3305 | TCP | outgoing | yes | no | individual setting per partner possible |
| SFTP, outgoing connections | usually 22 | TCP | outgoing | yes | no | individual setting per partner possible |
| SFTP, incoming connections | default 22 | TCP | incoming | yes | no | yes |
| Add-On Client/Server | 10000, 10001 | TCP | incoming and outgoing | yes | no | yes |
| Add-On HTTP Client | 8080 | TCP | incoming | yes | - | yes |

License validation uses the domains oftp2.bartschsoft.com (primary) and register.bartschsoft.com (secondary).

Updates are downloaded from the domain www.bartschsoft.de.

 

!MC5 general

For registration and regular license validation, !MC5 requires outbound traffic on port 8920 (TCP), or optionally port 80 (TCP), to be unblocked. Without license validation it is not possible to run !MC5 (short outages or network problems won't cause !MC5 to stop).

 

Furthermore, outgoing HTTP connections via port 80 (TCP) to the domain www.bartschsoft.de must be possible for performing updates. For downloading TSLs (Trusted Service Status Lists), HTTP connections via port 80 (TCP) or HTTPS connections via port 443 (TCP) must also be possible. Whether HTTP or HTTPS is used depends on the TSLs used. The automatic download of the Odette TSL is done via HTTPS by default.

 

Certificate validation

 

When checking the validity of certificates, CRLs (Certificate Revocation Lists) are retrieved and/or OCSP (Online Certificate Status Protocol) checks are performed, depending on the certificate. These generally take place via HTTP or HTTPS connections over port 80 or 443 (TCP). The exact addresses and ports for these checks are read from the respective certificate or its issuing certificates (e.g., via the certificate property "CRL Distribution Points", in which a URL for revocation lists can be specified).

 

The checking of the certificate status via CRLs or OCSP cannot be deactivated as this is an integral part of the certificate security! Whether the revocation check is mandatory or not can be set under Settings / !MC5 / Security. If the revocation check is mandatory and downloading a CRL or checking via OCSP fails, an error is generated and the corresponding certificate is considered invalid. Otherwise only a corresponding warning is generated.

 

For downloads and certificate validation a proxy can be used, which can be configured in Settings / !MC5 / Proxy. License validation requires a direct connection!

 

Module AS2

AS2 uses HTTP or HTTPS as transmission protocol, which in turn runs over TCP. !MC5 allows incoming connections only encrypted via HTTPS and uses the HTTPS default port 443 in the basic settings for incoming connections. This can be adjusted as desired under Settings / AS2. Firewall and port forwarding must be configured accordingly.

 

When using port 443, it is to be expected that !MC5 will register many connections from unknown sources, caused e.g. by malicious port scanners. There is no security risk because !MC5 does not allow direct file access or similar via AS2.

 

For outbound connections, !MC5 supports unencrypted AS2 connections via HTTP as well as encrypted connections via HTTPS. The port to be used can be adjusted for each partner individually.

 

FTP module

The ports used by FTP are intentionally not listed in the table above, because it is not so easy to list the ports used by FTP. The default port for FTP is port 21, but this is only used to establish the command connection. For the actual data transfer additional TCP connections are used. Depending on the selected FTP mode, these are established from the server to the client (active) or from the client to the server (passive). No matter in which direction, random ports greater than 1024 are generally used here.

 

Due to the more complex firewall/router configuration as well as the lack of encryption, we recommend using FTP only in internal networks or via VPN connections.
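
The negotiation behind this, as an added example that is not part of the original documentation: the data port is announced inside the command connection on port 21, so a firewall can only learn it by reading those lines. The line formats follow RFC 959 and RFC 2428; the function names and the sample session are constructed for illustration.

```python
import re

# Lines that negotiate an FTP data connection on the control channel
# (PORT / 227 from RFC 959, EPRT / 229 from RFC 2428).
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")
_EPSV = re.compile(r"\((.)\1\1(\d{1,5})\1\)")              # e.g. (|||50211|)
_EPRT = re.compile(r"EPRT (.)[12]\1(.+?)\1(\d{1,5})\1$", re.I)


def data_endpoint(line, server_ip):
    """Return (mode, listening_ip, listening_port), or None for other lines.

    "active": client listens, server connects. "passive": server listens.
    """
    line = line.strip()
    verb = line[:4].upper().rstrip()
    if verb in ("PORT", "227"):
        m = _HOSTPORT.search(line)
        nums = [int(g) for g in m.groups()] if m else []
        if not nums or max(nums) > 255:
            return None
        ip = ".".join(str(n) for n in nums[:4])
        return ("active" if verb == "PORT" else "passive", ip, nums[4] * 256 + nums[5])
    if verb == "229":
        # EPSV carries only a port; the address is that of the control connection.
        m = _EPSV.search(line)
        return ("passive", server_ip, int(m.group(2))) if m else None
    if verb == "EPRT":
        m = _EPRT.match(line)
        return ("active", m.group(2), int(m.group(3))) if m else None
    return None


def required_data_rules(session, server_ip):
    """Extra TCP connections a firewall must permit for this control session."""
    found = (data_endpoint(line, server_ip) for line in session)
    return [ep for ep in found if ep and 0 < ep[2] <= 65535]


# Constructed control-channel excerpt using documentation addresses.
SAMPLE_SESSION = [
    "220 FTP server ready",
    "PORT 192,0,2,10,195,80",
    "227 Entering Passive Mode (198,51,100,7,196,35)",
    "229 Entering Extended Passive Mode (|||50211|)",
    "EPRT |1|192.0.2.10|50300|",
    "226 Transfer complete",
]
```

Every tuple returned by `required_data_rules` is a separate TCP connection on a port chosen at transfer time, which is why no fixed FTP entry appears in the table above.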

 

Module OFTP2

Inbound connections use port 6619 (TCP), the default port for secure OFTP2 connections. This port cannot be changed. Firewalls and port forwarding have to be configured accordingly.

 

Outbound connections usually also use port 6619 (TCP). For outbound connections this port can be changed per partner.

 

Additionally, the above-mentioned ports are required for TSL downloads and certificate validation.

 

Module OFTP/TCP

Inbound connections use port 3305 (TCP), the default port for unencrypted OFTP connections. This port cannot be changed. Firewalls and port forwarding have to be configured accordingly.

 

Outbound connections usually also use port 3305 (TCP). For outbound connections this port can be changed per partner.

 

Module SFTP

The default port for incoming connections (server) is port 22 (TCP). This can be adjusted globally for all incoming SFTP connections in the SFTP settings.

 

Outgoing connections (client) usually also run via port 22 (TCP). However, this may differ per partner and can be adjusted in the partner settings.

 

Add-On Client/Server

The add-on Client/Server by default uses ports 10000 and 10001 (TCP) in- and outbound. The first of the used ports can be changed in Settings / !MC5 / Remote controls. In addition to the selected port, the directly following port will be used.

 

Add-On HTTP Client

The add-on HTTP Client by default uses port 8080 for inbound traffic. This port can be changed in Settings / !MC5 / HTTP Client.