Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: 6.9.0
Component/s: Documentation
Labels:
None

Story Points:
0
Blocked:
False
Bugzilla Bug:
RHBZ: 1923793
Severity:
Moderate

Release Note Type:
None
Release Note Text:
None
Release Note Status:
None

PX Impact Score:
PX Priority Data:
SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Test Coverage:
None

Description of problem:

[RFE] Add feature in satellite/capsule to reduce a large number of network ports

Version-Release number of selected component (if applicable):
Satellite 6.9

How reproducible:
Always

Steps to Reproduce:
1. Install new satellite/External capsule
2. To connect satellite <-~~> capsule <~~-> client we have to open a number of ports
3. It has to be open at proxy/firewall/Internal iptables according to the requirement.

Actual results:

We have multiple ports that need to be open at each end.

Section: "Enabling Connections from a Client to Satellite Server"
Section: "Enabling Connections from Capsule Server to Satellite Server"
Section: "Enabling Connections from Satellite Server and Clients to Capsule Server"

Each port has a different usage, So accordingly we have to send a request to the network team for opening ports.

1.6. Ports and Firewalls Requirements
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.8/html/installing_satellite_server_from_a_connected_network/index

1.6. Ports and Firewalls Requirements
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.8/html-single/installing_satellite_server_from_a_connected_network/index#satellite-ports-and-firewalls-requirements_satellite

The ports which satellite requires to be opened is different because the purpose of communication differs. Red Hat satellite needs to communicate to Capsule server for its content management etc, but capsule needs to communicate to Satellite Server for various purposes like sending reports regarding a host to Satellite Server, etc.

Expected results:

So, instead of opening multiple ports at each end, possible for us to have a few or a single port, which will be used to communicate from each end?

Additional info:

This will be a product enhancement, because the large number of parts required, as well as the communication requirement in both directions, is
a) not firewall-friendly in highly segmented networks
b) a large number of required ports and the protocols required to operate Satellite 6 is perceived as a security risk.

This request is for a product enhancement to reduce the required ports for core functionality to https (tcp/443) in one direction only.

external trackers

Red Hat Issue Tracker SAT-1199

Red Hat Issue Tracker SAT-2356

Red Hat Issue Tracker SATDOC-571

Assignee:: Marie Hornickova

Reporter:: Ganesh Payelkar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2021/02/01 10:37 PM

Updated:: 2024/12/20 11:03 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates