Overview
You are running PeerApp UltraBand version 5.x and require assistance in addressing security vulnerabilities that have been flagged after a vulnerability assessment.
Solution
For customers on version 5, PeerApp does not have a version update that addresses specific security vulnerabilities so a software upgrade is not possible to fix security vulnerabilities.
What can be done instead is a firmware upgrade using the iDRAC. Customers without hardware support through PeerApp should reach out to Dell concerning this or follow the upgrade steps documented in this external KB article from Dell: How to Remotely Update Firmware Using the Integrated Dell Remote Access Controller (iDRAC) Web Interface.
After the firmware upgrade, you should have a firewall filter at your end to explicitly allow the PeerApp IP addresses and the protocols it uses. These are documented in the UltraBand DPI/PBR Pre-Installation Information and Requirements and also summarized below:
Use your firewall to filter traffic and allow access only from the following address ranges from which PeerApp requests access:
- 35.153.171.203 for the PeerApp FTP server (Purpose: Support)
- 52.44.115.17 for the PeerApp VPN (Purpose: Support).
Note: Allowing only the above IPs should not impact caching as such security enforcement does not tamper with the PeerApp Cache traffic.
On each of these IPs addresses, we'll need the following inbound ports mapped and permitted:
- TCP 22 (SSH)
- TCP 49 (TACACS, optional)
- TCP 443 (HTTPS)
- TCP 5800-5801 (Java software download for VNC)
- TCP 5900-5901 (VNC and Java Console)
- UDP 123 (NTP)
- UDP 161-162 (SNMP)
- ICMP ping
<supportagent>
See for general recommendations on Handling Security Vulnerabilities for PeerApp Ultraband Management IPs.
</supportagent>