Security administrators use firewalls to protect the network, or selected components in the network, from intrusion. A firewall might be deployed between UCP and your management environment, depending on your deployment.
UCP Advisor requires that specific ports are open on the VM. These ports are preconfigured in the UCP Advisor plugin. You do not need to open them.
For a comprehensive list of TCP and UDP ports, see the following tables.
Required firewall port exceptions
The ports in the following table are used for UCP Advisor management traffic. To access UCP Advisor from the production network, exceptions for these ports are necessary.
UCP Advisor VMs
Source | Destination | Protocol/Port |
---|---|---|
Ethernet/Fibre Channel Device | UCP Advisor Master Node IP | TCP/22 |
Server BMC | UCP Advisor Master Node IP | TCP/UDP/111, 2048-2050, 32765, 32767, 32768 |
Client | UCP Advisor Master Node IP | TCP/443, 8443 |
Client | UCP Advisor Master Node IP | TCP/6443 |
Client | UCP Advisor Master Node IP | TCP/6782 |
VCSA | UCP Advisor Master Node IP | TCP/8877 |
UCP Advisor Master Node/Worker Nodes | UCP Advisor Master Node/Worker Nodes | TCP/23023 |
UCP Advisor Master Node/Worker Nodes | UCP Advisor Master Node/Worker Nodes | TCP/23033 |
UCP Advisor Master Node/Worker Nodes | UCP Advisor Gateway VM | NFS/2049, HTTPD/18443, File manager service/23019, TCP/8444 |
UCP Advisor Worker Node1 | VCSA | TCP/443 |
Storage | UCP Advisor Worker Node1 | UDP/9444-9449 |
UCP Advisor Worker Node1 | Storage | UDP/9444-9449 |
UCP Advisor Worker Node1 | Ethernet/Fibre Channel Device | TCP/22, TCP/443 |
UCP Advisor Master Node/Worker Nodes | Server BMC | TCP/443, UDP/161-162, UDP/623 |
UCP Advisor Gateway VM | Storage | TCP/443, UDP/9444-9449 |
UCP Advisor Gateway VM | Network | TCP/22, TCP/443 |
UCP Advisor Gateway VM | Server | TCP/443, UDP/161-162, UDP/623 |
SSH client | UCP Advisor VMs | TCP/22 |
UCP Advisor Service Console VM
Source | Destination | Protocol/Port |
---|---|---|
Service Console VM | Server BMC (Redfish) | TCP/HTTP/UDP 80/443/623 |
Service Console VM | ESXi | SSH/22 |
Service Console VM | vCenter (pyVmomi) | TCP/HTTP 80/443 |
Optional firewall port exceptions
The ports in the following table are used for UCP Advisor management traffic, element management traffic, and system integration traffic (DNS and NTP). The security administrator can configure firewall port exceptions.
Source | Destination | Protocol/Port |
---|---|---|
Hitachi Remote Ops VM | UCP Advisor Master Node VM | TCP/443 |