CliQr is now part of Cisco Learn More About Cisco

AMQP Firewall Rules

AMQP Ports

Port

Direction

Remote Source

Notes

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

443Ingress0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access)For SSH/VNC and RDP access of launched VMs.

5671

Ingress

  • CCO or
  • CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY
  • Worker VM IP Range

For communication from the CCO VM and from launched VMs.

7788Ingress/EgressAMQP

For SSH/VNC access of launched VMs. Done through reverse proxy. Done through reverse proxy for loop back connection.

7789

Ingress

Worker VM IP Range

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

8443

Egress

  • CCM or CCM_SA or CCM_LB
  • CCO or  CCO_LB

For SSH/VNC access of launched VMs. Guacamole server on AMQP VM communicates to the CCM and CCO VMs via this port.

AMQP_PRIMARY and AMQP_SECONDARY Ports

Port

Direction

Remote Source

Notes

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

Ingress/EgressAMQP_PRIMARY and AMQP_SECONDARYTo remotely configure the AMQP instance from another AMQP instance.
443IngressAMQP_LBFor SSH/VNC and RDP access of launched VMs.
4369Ingress/EgressAMQP_PRIMARY and AMQP_SECONDARYFor communication between AMQP primary and secondary VMs.

5671

Ingress

  • CCO or CCO_LB
  • Worker VM IP Range
  • AMQP_LB

For communication from the CCO VM and from launched VMs

7788Ingress/Egress

AMQP_LB

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

7789

Ingress

Worker VM IP Range

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

8443

Egress

  • CCM or CCM_SA or CCM_LB
  • CCO or
  • CCO_LB

For SSH/VNC access of launched VMs. Guacamole server on AMQP communicates to CCM and CCO on this port.

25672

Ingress/Egress

AMQP_PRIMARY and AMQP_SECONDARY

For communication between AMQP primary and secondary VMs.

AMQP_LB Ports

Port

Direction

Remote Source

Notes

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

443Ingress

0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access)

For SSH/VNC access of launched VMs. Done through reverse proxy.

EgressAMQP_PRIMARY and AMQP_SECONDARY

5671

Ingress

  • CCO or
  • CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY
  • Application (Worker) VM IP range

For communication from the CCO VM and from launched VMs.

EgressAMQP_PRIMARY and AMQP_SECONDARYFor communication between AMQP primary and secondary VMs.

7788

Ingress

AMQP_PRIMARY and AMQP_SECONDARY

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

7789Ingress

Worker VM IP Range

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

 

 

 

  • No labels