2.4. Additional Requirements

Red Hat Satellite has some additional considerations before installation. These additional requirements must be met before starting the Satellite installation.

2.4.1. Firewall

Protect your Red Hat Satellite environment with a firewall by blocking all unnecessary and unused ports.
Client systems connect to Red Hat Satellite over ports 80, 443, and 4545 (if Monitoring is enabled). In addition, enabling push actions from Red Hat Satellite to client systems, as described in Section 8.7, “Enabling Push to Clients”, requires inbound connections on port 5222. Finally, if the Satellite pushes to a Red Hat Proxy Server, allow inbound connections on port 5269.
The following table provides a list of port requirements for Red Hat Satellite.

Table 2.1. Ports to open on the Red Hat Satellite Server

Port Protocol Direction Reason
67 TCP/UDP Inbound Open this port to configure the Red Hat Satellite as a DHCP server for systems requesting IP addresses.
69 TCP/UDP Inbound Open this port to configure Red Hat Satellite as a PXE server and allow installation and re-installation of PXE-boot enabled systems.
80 TCP Outbound Red Hat Satellite uses this port to reach Red Hat Network.
80 TCP Inbound Web UI and client requests come in via http.
443 TCP Inbound Web UI and client requests come in via https.
443 TCP Outbound Red Hat Satellite uses this port to reach Red Hat Network (unless running in a disconnected mode for Satellite).
4545 TCP Inbound and Outbound Red Hat Satellite Monitoring makes connections to rhnmd running on client systems, if Monitoring is enabled and probes are configured for registered systems.
5222 TCP Inbound This port pushes actions to client systems.
5269 TCP Inbound and Outbound This port pushes actions to Red Hat Proxy Server.
5432 TCP Inbound and Outbound This is a requirement for communication with a PostgreSQL database server if using an External Database or Managed Database.
Finally, open your firewall to the following hosts for access to Red Hat's Content Delivery Network (CDN):
  • rhn.redhat.com
  • xmlrpc.rhn.redhat.com
  • satellite.rhn.redhat.com
  • content-xmlrpc.rhn.redhat.com
  • content-web.rhn.redhat.com
  • content-satellite.rhn.redhat.com