Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Check Whether Network Firewall Ports Are Enabled?
Question
How do I check whether network firewall ports are enabled?
Answer
The check method varies depending on whether the proxy server is configured or not.
Proxy Server Not Configured
- Test the connection between the DNS server and storage system.
- Log in to DeviceManager.
- Choose
Settings >
Basic Information > DNS Service.
- Test the connection between the DNS server and storage system. If the connection is normal, go to 2.
- You can click Test of each DNS IP address to test its availability.
- You can click Test All to test the connection between the DNS server and storage system.
- Obtain the URL of the technical support center to which alarm and event data of the storage system will be uploaded.
- Carrier in China region: icloudservice-cn.huawei.com
- Carrier in Romania region: itr-eservicero-carrier.huawei.com
- Enterprise in China region: ecloudService-cn.huawei.com
- Enterprise in Romania region: itr-eservicero-ent.huawei.com
- Obtain the IP address of the technical support center.
- Log in to the storage system using the CLI.
- Run change user_mode current_mode user_mode=developer to go to the developer view.
- Run minisystem to go to the minisystem mode.
- Run ping URL of the technical support center. For example, run ping itr-eservicero-ent.huawei.com for Enterprise in Romania region.
- If the ping operation succeeds, the value of XXX.XXX.XXX.XXX in the parentheses in the command output is the IP address of the technical support center.
- If the ping operation fails, check the network firewall and DNS configuration.
Storage: minisystem> ping tr-eservicero-ent.huawei.com PING tr-eservicero-ent.huawei.com (XXX.XXX.XXX.XXX) 56(84) bytes of data. 64 bytes from XXX.XXX.XXX.XXX: icmp_seq=1 ttl=64 time=0.720 ms 64 bytes from XXX.XXX.XXX.XXX: icmp_seq=2 ttl=64 time=0.181 ms
- Check whether the storage system can be properly connected to ports 7448, 8448, and 9448 of the technical support center.
In minisystem mode, run telnet XXX.XXX.XXX.XXX 7448, telnet XXX.XXX.XXX.XXX 8448, and telnet XXX.XXX.XXX.XXX 9448.
- XXX.XXX.XXX.XXX is the IP address of the technical support center obtained in 3.d.
- If the command output displays Connected to XXX.XXX.XXX.XXX, the connection is normal.
- If the connection is abnormal, check the connectivity between the storage system and the external network, for example, firewall configuration.
Storage: minisystem> telnet XXX.XXX.XXX.XXX 7448 Trying XXX.XXX.XXX.XXX... Connected to XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX). Escape character is '^]'.
Proxy Server Configured
- Check the connection between the storage system and the proxy server.
- Log in to the storage system using the CLI.
- Run change user_mode current_mode user_mode=developer to go to the developer view.
- Run minisystem to go to the minisystem mode.
- Run ping XXX.XXX.XXX.XXX. XXX.XXX.XXX.XXX is the proxy server's IP address.
- If the ping operation succeeds, go to 1.e.
- If the ping operation fails, check the network connection.
Storage: minisystem> ping tr-eservicero-ent.huawei.com PING tr-eservicero-ent.huawei.com (XXX.XXX.XXX.XXX) 56(84) bytes of data. 64 bytes from XXX.XXX.XXX.XXX: icmp_seq=1 ttl=64 time=0.720 ms 64 bytes from XXX.XXX.XXX.XXX: icmp_seq=2 ttl=64 time=0.181 ms
- In minisystem mode, run telnet XXX.XXX.XXX.XXX YY to check whether the port used by the proxy server to communicate with the storage system is correct. XXX.XXX.XXX.XXX indicates the IP address of the proxy server, and YY indicates the port number of the proxy server.
- If the port number of the proxy server is correct, go to 2.
- If the port number of the proxy server is incorrect, correct it by referring to the related product documentation of the proxy server.
- Obtain the URL of the technical support center to which alarm and event data of the storage system will be uploaded.
- Carrier in China region: icloudservice-cn.huawei.com
- Carrier in Romania region: itr-eservicero-carrier.huawei.com
- Enterprise in China region: ecloudService-cn.huawei.com
- Enterprise in Romania region: itr-eservicero-ent.huawei.com
- Obtain the IP address of the technical support center.
- Log in to the management interface of the proxy server. The following uses the proxy server running Linux as an example.
- Run ping URL of the technical support center. For example, run ping itr-eservicero-ent.huawei.com for Enterprise in Romania region.
- If the ping operation succeeds, the value of XXX.XXX.XXX.XXX in the parentheses in the command output is the IP address of the technical support center. Go to 4.
- If the ping operation fails, check the network firewall and DNS configuration.
[root@localhost ~]# ping tr-eservicero-ent.huawei.com PING tr-eservicero-ent.huawei.com (XXX.XXX.XXX.XXX) 56(84) bytes of data. 64 bytes from XXX.XXX.XXX.XXX: icmp_seq=1 ttl=64 time=0.720 ms 64 bytes from XXX.XXX.XXX.XXX: icmp_seq=2 ttl=64 time=0.181 ms
- Check whether the proxy server can be properly connected to ports 7448, 8448, and 9448 of the technical support center.
Log in to the management interface of the proxy server, and run telnet XXX.XXX.XXX.XXX 7448, telnet XXX.XXX.XXX.XXX 8448, and telnet XXX.XXX.XXX.XXX 9448.
- XXX.XXX.XXX.XXX is the IP address of the technical support center obtained in 3.b.
- If the command output displays Connected to XXX.XXX.XXX.XXX, the connection is normal.
- If the connection is abnormal, check the configuration of the firewall between the proxy server and the external network.
- If the connection is normal but alarms and logs cannot be sent to eService after eService is configured, enable the HTTP proxy service for ports 7448, 8448, and 9448 of the proxy server by referring to the related product documentation of the proxy server.
[root@localhost ~]# telnet XXX.XXX.XXX.XXX 7448 Trying XXX.XXX.XXX.XXX... Connected to XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX). Escape character is '^]'.