All IP addresses must use IPv4. Cryptographic Security Platform Compliance Manager does not support IPv6 addresses.
For communication between Cryptographic Security Platform Compliance Manager nodes, and from Cryptographic Security Platform Vault to Cryptographic Security Platform Compliance Manager, the following ports need to be open:
- Internal protocol—The Cryptographic Security Platform Compliance Manager nodes must be able to communicate on TCP/443, TCP/2281, TCP/2888, TCP/3888, TCP/5432, TCP/8443, TCP/9093, and TCP/27017. If you have a firewall between one or more nodes, you need to make sure that these ports are open.
- Cryptographic Security Platform Compliance Manager support-level access—Inbound TCP/22 from administrator systems to any Cryptographic Security Platform Compliance Manager server in the cluster.
- Connected Data Sources—Inbound TCP/443 must be open for any data source that has been connected to Cryptographic Security Platform Compliance Manager.
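A reachability check for the internal-protocol ports listed above, as an added example rather than vendor tooling. It assumes you run it from one cluster node against the others; the function names are illustrative, and the check separates a refused connection (nothing listening) from a timeout (typically a firewall drop).

```python
import socket
import sys

# Inter-node TCP ports taken from the "Internal protocol" item on this page.
INTERNAL_TCP_PORTS = (443, 2281, 2888, 3888, 5432, 8443, 9093, 27017)


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed', 'filtered' or 'unresolved' for one TCP port."""
    try:
        # AF_INET only: the product does not support IPv6 addresses.
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved"
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(infos[0][4])
            return "open"
        except ConnectionRefusedError:
            # The host answered with a reset: the path is clear, the service is down.
            return "closed"
        except OSError:
            # Timeout or unreachable: usually a firewall dropping the packets.
            return "filtered"


def check_node(host, ports=INTERNAL_TCP_PORTS, timeout=2.0):
    """Probe every required port on one node and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def blocked(results):
    """Return the sorted ports that did not accept a connection."""
    return sorted(port for port, state in results.items() if state != "open")


if __name__ == "__main__":
    # Usage (hypothetical addresses): python check_ports.py 10.0.0.11 10.0.0.12
    for node in sys.argv[1:]:
        results = check_node(node)
        for port in blocked(results):
            print(f"{node} TCP/{port}: {results[port]}")
        if not blocked(results):
            print(f"{node}: all internal ports reachable")
```

A `filtered` result points at a firewall rule between the nodes, while `closed` means the packet arrived but the service on that port is not listening.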
For Cryptographic Security Platform Compliance Manager infrastructure services, the following ports need to be open:
- DNS—Outbound UDP/53
- SMTP—Outbound mail server, typically TCP/25.
  Note: If you disable SMTPS and the server supports StartTLS, StartTLS is used when the connection is made. SMTPS is not compatible with StartTLS, and only one can be used.
- SYSLOG—An outbound TCP or UDP port between 25 and 65535 if you want to use a remote syslog server. Cryptographic Security Platform Compliance Manager supports both TCP and UDP for syslog.
- Backup and Restore via NFS—If you want to access the Cryptographic Security Platform Compliance Manager-generated backup files via NFS, you need to open the following ports: 2046 (lockd), 2047 (rpc statd), 2048 (rpc mountd), and 2049 (default NFS port).
  If you need to check the port status, you can run one of the following commands:
  `rpcinfo <KeyControl_Compliance_Manager_IP_Address>` or `rpcinfo <KeyControl_Compliance_Manager_Name>`
- NTP—Outbound NTP servers, typically UDP/123 or TCP/123
Note: The network ports indicated for SMTP, syslog, and NTP are the typical ports for these services. If you need to change those ports, consult with the administrators of these services.