- Firewall (on the Console machine)
Open the following ports on the Console machine:
- For the Web UI, allow inbound connections for HTTP and/or HTTPS Web access (e.g. TCP/80, TCP/443).
- Allow outbound connections for SSH (to be used for node administration) on a non-default, configurable TCP port (e.g. TCP/33001).
- Allow an outbound connection for Aspera Central (e.g. TCP/40001).
- Allow an inbound connection for MySQL (e.g. TCP/4406).
- Firewall (on the Node Machines)
Open the following ports on the Node Machines (Aspera Enterprise, Connect or Faspex Servers, or Aspera Point-to-Point):
- An Aspera server runs one SSH server on a configurable TCP port (22, by default, for Aspera Server 2.6, and 33001, by default, for Aspera Server 2.7). To ensure that your server is secure, Aspera strongly recommends allowing inbound connections for SSH on TCP/33001 (or on another non-default, configurable TCP port), and disallowing inbound connections on TCP/22. If you have a legacy customer base utilizing TCP/22, then you can allow inbound connections on both ports. For details on securing your individual Aspera transfer server product(s), please review their corresponding user manuals.
- Allow inbound connections for fasp transfers, which use UDP/33001 by default, although the server may also choose to run fasp transfers on another port.
- Allow an inbound connection for Aspera Central (e.g. TCP/40001).
- Allow an outbound connection for logging to Console on TCP/4406.