Security administrators use firewalls to protect the network, or selected components in the network, from intrusion. A firewall might be deployed between UCP and your management environment, depending on your deployment.
UCP Advisor requires that specific ports are open on the VM. These ports are preconfigured in the UCP Advisor plugin. You do not need to open them.
For a comprehensive list of TCP and UDP ports, see the following tables.
Required firewall port exceptions
The ports in the following table are used for UCP Advisor management traffic. To access UCP Advisor from the production network, exceptions for these ports are necessary.
UCP Advisor VM
| Source | Destination | Protocol/Port |
|---|---|---|
| IO card discovery microservice | Compute BMC/iLO | UDP/623, TCP/443 |
| IO card pcie card upgrade microservice | Compute BMC/iLO | UDP/623, TCP/443 |
| Client | UCP Advisor Master Node IP | TCP/23019 |
| idm microservice | UCP Advisor Master Node IP | TCP/8081 |
| BMC | UCP Advisor Master Node IP | TCP/2049 |
|  | UCP Advisor Master Node IP | TCP/111 |
|  | UCP Advisor Master Node IP | TCP/2048 |
|  | UCP Advisor Master Node IP | TCP/2050 |
|  | UCP Advisor Master Node IP | TCP/32765 |
|  | UCP Advisor Master Node IP | TCP/32767 |
|  | UCP Advisor Master Node IP | TCP/18443 |
| license-server | UCP Advisor Master Node IP | TCP/6379 |
| Client | UCP Advisor Master Node IP | TCP/443 |
|  | UCP Advisor Master Node IP | TCP/8444 |
| VCSA | UCP Advisor Master Node IP | TCP/8877 |
| BMC | UCP Advisor Master Node IP | UDP/2049 |
|  | UCP Advisor Master Node IP | UDP/2048 |
|  | UCP Advisor Master Node IP | UDP/111 |
|  | UCP Advisor Master Node IP | UDP/32765 |
|  | UCP Advisor Master Node IP | UDP/32767 |
|  | UCP Advisor Master Node IP | UDP/32768 |
|  | UCP Advisor Master Node IP | UDP/1888 |
| Storage Array | UCP Advisor Master Node IP | UDP/10441 |
|  | UCP Advisor Master Node IP | UDP/10442 |
| Client | UCP Advisor Master Node IP | TCP/6443 |
|  | UCP Advisor Master Node IP | TCP/2379 |
|  | UCP Advisor Master Node IP | TCP/2380 |
|  | UCP Advisor Master Node IP | TCP/10250 |
|  | UCP Advisor Master Node IP | UDP/8472 |
| sdi gateway compute microservice | Compute BMC/iLO | UDP/623, TCP/443 |
| sdi gateway network microservice | FC/Ethernet switch | TCP/443, TCP/22 |
| sdi gateway storage microservice | Storage array | TCP/1099, TCP/51099, TCP/51100 |
| sdi gateway storage | External sdi gateway storage | TCP/8444, UDP/10441, UDP/10442 |
| Serviceability | Serviceability in the other Advisor node | TCP/23033 |
| Ethernet/Fibre Channel | scp host ip | TCP/22 |
| Device | scp host ip | TCP/22 |
| UCP Advisor Master Node IP | License-server | TCP/6379 |
| UCP Advisor Gateway VM | Storage | TCP/443, UDP/9444-9449 |
| UCP Advisor Gateway VM | Network | TCP/22, TCP/443 |
| UCP Advisor Gateway VM | Server TCP | TCP/443, UDP/161-162, UDP/623 |
| SSH client | All Node IPs | TCP/22 |
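
One way to audit a firewall policy against the required exceptions above, as an added example that is not part of the UCP Advisor documentation or product. The policy tuple format and the sample `POLICY` are constructed for illustration; only the `REQUIRED` rows are taken from the table.

```python
import re

# Rows copied from the "UCP Advisor VM" table on this page.
# Flow names stand in for real addresses, which the page does not give.
REQUIRED = [
    ("Client", "UCP Advisor Master Node IP", "TCP/23019"),
    ("Client", "UCP Advisor Master Node IP", "TCP/443"),
    ("Client", "UCP Advisor Master Node IP", "TCP/6443"),
    ("SSH client", "All Node IPs", "TCP/22"),
    ("UCP Advisor Gateway VM", "Storage", "TCP/443, UDP 9444-9449"),
]
# Constructed sample policy (assumed format): src, dst, proto, first, last.
POLICY = [
    ("Client", "UCP Advisor Master Node IP", "tcp", 443, 443),
    ("Client", "UCP Advisor Master Node IP", "tcp", 6443, 6443),
    ("SSH client", "All Node IPs", "tcp", 22, 23),
    ("UCP Advisor Gateway VM", "Storage", "tcp", 443, 443),
    ("UCP Advisor Gateway VM", "Storage", "udp", 9444, 9448),
]
SPEC = re.compile(r"(TCP|UDP)[/ ](\d+)(?:-(\d+))?")

def parse_ports(cell):
    """Turn a Protocol/Port cell such as 'TCP/443, UDP 9444-9449' into a set."""
    ports = set()
    for proto, lo, hi in SPEC.findall(cell.upper()):
        ports.update((proto.lower(), p) for p in range(int(lo), int(hi or lo) + 1))
    return ports

def audit(required, policy):
    """Return (missing, extra): required ports not allowed, allowed ports not required."""
    need, have = {}, {}
    for src, dst, cell in required:
        need.setdefault((src, dst), set()).update(parse_ports(cell))
    for src, dst, proto, lo, hi in policy:
        have.setdefault((src, dst), set()).update(
            (proto, p) for p in range(lo, hi + 1))
    def diff(a, b):
        return {f: sorted(a[f] - b.get(f, set())) for f in a if a[f] - b.get(f, set())}
    return diff(need, have), diff(have, need)

if __name__ == "__main__":
    missing, extra = audit(REQUIRED, POLICY)
    print("missing exceptions:", missing)
    print("rules wider than the table:", extra)
```

The `extra` result flags rules that allow more than the table requires, which is the least-privilege half of the same check.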
UCP Advisor Service Console VM
Source | Destination | Protocol/Port |
---|---|---|
Service Console VM | Server BMC (Redfish) | TCP/HTTP/UDP 80/443/623 |
Service Console VM | ESXi | SSH/22 |
Service Console VM | vCenter (pyVmomi) | TCP/HTTP 80/443 |
Optional firewall port exceptions
The ports in the following table are used for UCP Advisor management traffic, element management traffic, and system integration traffic (DNS and NTP). The security administrator can configure firewall port exceptions.
Source | Destination | Protocol/Port |
---|---|---|
Hitachi Remote Ops VM | UCP Advisor Master Node VM | TCP/443 |