CliQr is now part of Cisco Learn More About Cisco

AMQP Firewall Rules

AMQP Ports

Port

Direction

Remote Source

Notes

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

80Egress0.0.0.0/0To download installer or virtual appliance packages.
443Egress0.0.0.0/0To download installer or virtual appliance packages.
443Ingress0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access)For SSH/VNC and RDP access of launched VMs.

5671

Ingress

  • CCO or
  • CCO_LB
  • Worker VM IP Range

For communication from the CCO VM and from launched VMs.

7789

Ingress

Worker VM IP Range

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

7788

Ingress/Egress

  • AMQP or
  • AMQP_PRIMARY, AMQP_SECONDARY, and AMQP_LB

For SSH/VNC access of launched VMs. Done through reverse proxy. Done through reverse proxy for loop back connection.

8443

Egress

  • CCM or CCM_SA or CCM_LB
  • CCO or  CCO_LB

For SSH/VNC access of launched VMs. Guacamole server on AMQP VM communicates to the CCM and CCO VMs via this port.

AMQP_PRIMARY and AMQP_SECONDARY Ports

Port

Direction

Remote Source

Notes

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

80Egress0.0.0.0/0To download installer or virtual appliance packages.
443Egress0.0.0.0/0To download installer or virtual appliance packages.
443Ingress0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access)For SSH/VNC and RDP access of launched VMs.

5671

Ingress

  • CCO or CCO_LB
  • Worker VM IP Range

For communication from the CCO VM and from launched VMs

7789

Ingress

Worker VM IP Range

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

7788

Ingress/Egress

  • AMQP or
  • AMQP_LB

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

8443

Egress

  • CCM or CCM_SA or CCM_LB
  • CCO or
  • CCO_LB

For SSH/VNC access of launched VMs. Guacamole server on AMQP communicates to CCM and CCO on this port.

4369

Ingress/Egress

AMQP_PRIMARY and AMQP_SECONDARY

For communication between AMQP primary and secondary VMs.

25672

Ingress/Egress

AMQP_PRIMARY and AMQP_SECONDARY

For communication between AMQP primary and secondary VMs.

AMQP_LB Ports

Port

Direction

Remote Source

Notes

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

80Egress0.0.0.0/0To download installer or virtual appliance packages.
443Egress0.0.0.0/0To download installer or virtual appliance packages.
443Ingress

0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access)

For SSH/VNC access of launched VMs. Done through reverse proxy.

5671

Ingress

  • CCO or
  • CCO_PRIMARY, CCO_SECONDARY, CCO_TERTIARY, and CCO_LB
  • Application (Worker) VM IP range

For communication from the CCO VM and from launched VMs.

7789

Ingress

Worker VM IP Range

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

7788

Ingress

  • AMQP or
  • AMQP_PRIMARY, AMQP_SECONDARY, and AMQP_LB

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

 

 

 

  • No labels