- To ensure that your server is secure, Aspera strongly recommends allowing inbound
connections for SSH on TCP/33001 (or on another non-default,
configurable TCP port), and disallowing inbound connections on TCP/22.
If you have a legacy customer base using TCP/22, you can allow inbound
connections on both ports. For details on securing your individual
Aspera transfer server product, review the corresponding user
manuals.
- Allow inbound connections for FASP transfers, which use UDP/33001 by
default, although the server may also choose to run FASP transfers on
another port.
- For current nodes and legacy nodes that have been converted to current nodes, allow an
inbound connection on TCP 9092.
- For legacy nodes (unconverted), allow an inbound connection for Aspera Central (for
example, TCP/40001).
- For legacy nodes (unconverted), allow an outbound connection for logging to Console on
TCP/4406.
Note: No servers are listening on UDP ports.
When an Aspera client
initiates a transfer, the client opens an SSH session to the SSH server on
the designated TCP port and negotiates the UDP port over which the data
transfer will occur. |