Firewall configuration required by the management node

Unified Compute Platform (UCP) Advisor Software Installation Guide

Version: 4.4.x
Part Number: MK-92UCP120-11

Security administrators use firewalls to protect the network, or selected components in the network, from intrusion. A firewall might be deployed between UCP and your management environment, depending on your deployment.

UCP Advisor requires that specific ports are open on the VM. These ports are preconfigured in the UCP Advisor plugin. You do not need to open them.

For a comprehensive list of TCP and UDP ports, see the following tables.

Required firewall port exceptions

The ports in the following table are used for UCP Advisor management traffic. To access UCP Advisor from the production network, exceptions for these ports are necessary.

UCP Advisor VMs

| Source | Destination | Protocol/Port |
| --- | --- | --- |
| Ethernet/Fibre Channel Device | UCP Advisor Master Node IP | TCP/22 |
| Server BMC | UCP Advisor Master Node IP | TCP/UDP/111, 2048-2050, 32765, 32767, 32768 |
| Client | UCP Advisor Master Node IP | TCP/443, 8443 |
| Client | UCP Advisor Master Node IP | TCP/6443 |
| Client | UCP Advisor Master Node IP | TCP/6782 |
| VCSA | UCP Advisor Master Node IP | TCP/8877 |
| UCP Advisor Master Node/Worker Nodes | UCP Advisor Master Node/Worker Nodes | TCP/23023 |
| UCP Advisor Master Node/Worker Nodes | UCP Advisor Master Node/Worker Nodes | TCP/23033 |
| UCP Advisor Master Node/Worker Nodes | UCP Advisor Gateway VM | NFS/2049, HTTPD/18443, File manager service/23019, TCP/8444 |
| UCP Advisor Worker Node1 | VCSA | TCP/443 |
| Storage | UCP Advisor Worker Node1 | UDP 9444-9449 |
| UCP Advisor Worker Node1 | Storage | UDP 9444-9449 |
| UCP Advisor Worker Node1 | Ethernet/Fibre Channel Device | TCP/22, TCP/443 |
| UCP Advisor Master Node/Worker Nodes | Server BMC | TCP/443, UDP/161-162, UDP/623 |
| UCP Advisor Gateway VM | Storage | TCP/443, UDP 9444-9449 |
| UCP Advisor Gateway VM | Network | TCP/22, TCP/443 |
| UCP Advisor Gateway VM | Server | TCP/443, UDP 161-162, UDP 623 |
| SSH client | UCP Advisor VMs | TCP/22 |
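
The following Python sketch is an added example, not part of the Hitachi guide. It parses the Protocol/Port notation used in the table above and compares a firewall's current exceptions toward the UCP Advisor Master Node IP against the required rows, reporting required exceptions that are missing and allowed ports that no row requires. The `SAMPLE_ALLOWED` rules are constructed for illustration, and all function names are hypothetical.

```python
import re

# Rows whose destination is "UCP Advisor Master Node IP", copied from the table above.
REQUIRED_TO_MASTER = [
    ("Ethernet/Fibre Channel Device", "TCP/22"),
    ("Server BMC", "TCP/UDP/111, 2048-2050, 32765, 32767, 32768"),
    ("Client", "TCP/443, 8443"),
    ("Client", "TCP/6443"),
    ("Client", "TCP/6782"),
    ("VCSA", "TCP/8877"),
]
ITEM = re.compile(r"^((?:TCP|UDP)(?:/(?:TCP|UDP))*)?[/ ]?(\d+)(?:-(\d+))?$")

def parse_spec(spec):
    """Expand e.g. 'TCP/UDP/111, 2048-2050' into a set of (protocol, port) pairs."""
    pairs, protos = set(), []
    for item in spec.split(","):
        m = ITEM.match(item.strip())
        if not m:
            raise ValueError(f"unrecognized port item: {item!r}")
        if m.group(1):  # a bare number inherits the protocol(s) of the previous item
            protos = m.group(1).split("/")
        if not protos:
            raise ValueError(f"no protocol given for: {item!r}")
        lo, hi = int(m.group(2)), int(m.group(3) or m.group(2))
        pairs |= {(p, port) for p in protos for port in range(lo, hi + 1)}
    return pairs

def flatten(rows):
    """Merge (source, spec) rows into {source: set of (protocol, port)}."""
    out = {}
    for source, spec in rows:
        out.setdefault(source, set()).update(parse_spec(spec))
    return out

def audit(allowed_rows, required_rows=REQUIRED_TO_MASTER):
    """Return (missing, extra): required pairs not allowed, allowed pairs not required."""
    need, have = flatten(required_rows), flatten(allowed_rows)
    def diff(a, b):
        return {s: a[s] - b.get(s, set()) for s in a if a[s] - b.get(s, set())}
    return diff(need, have), diff(have, need)

# Constructed sample: exceptions a hypothetical firewall currently permits to the master node.
SAMPLE_ALLOWED = [
    ("Client", "TCP/443, 8443, 6443, 3389"),
    ("Server BMC", "TCP/UDP/111, 2048-2050, 32765, 32767"),
]
if __name__ == "__main__":
    print(audit(SAMPLE_ALLOWED))
```

Entries in `extra` are candidates for removal under least privilege; entries in `missing` are exceptions the table lists that the rule set does not yet permit.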

UCP Advisor Service Console VM

| Source | Destination | Protocol/Port |
| --- | --- | --- |
| Service Console VM | Server BMC (Redfish) | TCP/HTTP/UDP 80/443/623 |
| Service Console VM | ESXi | SSH/22 |
| Service Console VM | vCenter (pyVmomi) | TCP/HTTP 80/443 |

Note: ICMP pings are used for diagnosing laptop-to-BMC and laptop-to-ESXi outbound types.

Optional firewall port exceptions

The ports in the following table are used for UCP Advisor management traffic, element management traffic, and system integration traffic (DNS and NTP). The security administrator can configure firewall port exceptions.

| Source | Destination | Protocol/Port |
| --- | --- | --- |
| Hitachi Remote Ops VM | UCP Advisor Master Node VM | TCP/443 |