2.4. Additional Requirements

Red Hat Network Satellite has some additional considerations before installation. Ensure to meet these additional requirements before commencing the Satellite installation.

2.4.1.  Firewall

The entire Satellite solution should be protected by a firewall if the Satellite accesses or is accessed via the Internet. All unnecessary ports should be firewalled off. Client systems connect to Satellite over ports 80, 443, and 4545 (if Monitoring is enabled). In addition, if you plan to enable the pushing of actions from the Satellite to client systems, as described in Section 9.11, “Enabling Push to Clients”, you must allow inbound connections on port 5222. Finally, if the Satellite will also push to an Red Hat Network Proxy Server, you must also allow inbound connections on port 5269.

Table 2.5. Ports to open on the Satellite

Port Protocol Direction Reason
67 TCP/UDP Inbound Open this port to configure the Satellite system as a DHCP server for systems requesting IP addresses.
69 TCP/UDP Inbound Open this port to configure Satellite as a PXE server and allow installation and re-installation of PXE-boot enabled systems.
80 TCP Outbound Satellite uses this port to reach Red Hat Network.
80 TCP Inbound Web UI and client requests come in via http.
443 TCP Inbound Web UI and client requests come in via https.
443 TCP Outbound Red Hat Network Satellite uses this port to reach Red Hat Network (unless running in a disconnected mode for Satellite).
4545 TCP Inbound and Outbound Red Hat Network Satellite Monitoring makes connections to rhnmd running on client systems, if Monitoring is enabled and probes are configured for registered systems.
5222 TCP Inbound If you plan to push actions to client systems.
5269 TCP Inbound and Outbound If you push actions to or via an Red Hat Network Proxy Server.