
CCM Firewall Rules

CCM Ports

| Port | Direction | Remote Source | Notes |
|---|---|---|---|
| 80 | Ingress (optional) | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For HTTP to HTTPS redirection. |
| 80 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
| 443 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
| 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For UI/API access. |
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 5671 | Ingress/Egress (optional) | ESB API Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish programmatic access to the AMQP module – only required if you use the ESB functionality. |
| 15672 | Ingress/Egress (optional) | ESB UI Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish access to the AMQP module from the AMQP UI – only required if you use the ESB functionality. |
| 8443 | Ingress | CCO IP or CCO_LB | For two-way communication between the CCO and CCM VMs. Required for all Cloud Regions supported by your CloudCenter deployment. |
| 8443 | Egress | CCO IP or CCO_LB | For two-way communication between the CCO and CCM VMs. Required for all Cloud Regions supported by your CloudCenter deployment. |
| 8443 | Ingress (optional) | Monitor | For two-way communication between the Monitor CM and the CCM VM. |
| 8443 | Egress (Optional) | Monitor | For two-way communication between the Monitor CM and the CCM VM. |
| 8443 | Ingress | AMQP or AMQP_LB | For Web SSH/VNC through Guacamole. |

CCM_SA Ports

| Port | Direction | Remote Source | Notes |
|---|---|---|---|
| 80 | Ingress (optional) | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For HTTP to HTTPS redirection. |
| 80 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
| 443 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
| 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For UI/API access. |
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 5671 | Ingress/Egress (optional) | ESB API Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish programmatic access to the AMQP module – only required if you use the ESB functionality. |
| 15672 | Ingress/Egress (optional) | ESB UI Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish access to the AMQP module from the AMQP UI – only required if you use the ESB functionality. |
| 8443 | Ingress | CCO or CCO_LB | For two-way communication between the CCO and CCM VMs. |
| 8443 | Egress | CCO or CCO_LB | For two-way communication between the CCO and CCM VMs. |
| 8443 | Ingress (optional) | Monitor | For two-way communication between Monitor VM and the CCM VM. |
| 8443 | Egress (Optional) | Monitor | For two-way communication between Monitor VM and the CCM VM. |
| 8443 | Ingress | AMQP or AMQP_LB | For Web SSH/VNC through Guacamole. |
| 5432 | Egress | MGMTPOSTGRES | For communication to the database. |

MGMTPOSTGRES Ports

| Port | Direction | Remote Source | Notes |
|---|---|---|---|
| 80 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
| 443 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
| 22 | Ingress (Optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 5432 | Ingress | CCM_SA | For incoming connection from a CCM standalone VM. |
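The MGMTPOSTGRES table above can be turned into a least-privilege check on an exported rule set. The following is an added example, not part of the original page or of CloudCenter itself; the rule format, the `audit` function, and every IP address in it are constructed for illustration.

```python
import ipaddress

# MGMTPOSTGRES rules as documented in the table: (port, direction) -> remote role.
DOCUMENTED = {
    (80, "egress"): "ANY",
    (443, "egress"): "ANY",
    (22, "ingress"): "SSH_ADMIN",   # "Allowed SSH source IP"
    (5432, "ingress"): "CCM_SA",
}

# Assumption: site-specific addresses for each role (constructed sample values).
ROLE_CIDRS = {
    "ANY": ["0.0.0.0/0"],
    "SSH_ADMIN": ["192.0.2.10/32"],
    "CCM_SA": ["10.0.1.5/32"],
}

def audit(rules, role_cidrs=ROLE_CIDRS):
    """Return (rule, reason) pairs for rules that exceed the documented table."""
    findings = []
    for rule in rules:
        role = DOCUMENTED.get((rule["port"], rule["direction"]))
        if role is None:
            findings.append((rule, "port/direction not in documented table"))
            continue
        remote = ipaddress.ip_network(rule["remote"])
        allowed = [ipaddress.ip_network(c) for c in role_cidrs[role]]
        # The rule is acceptable only if its remote range fits inside an allowed range.
        if not any(remote.subnet_of(net) for net in allowed):
            findings.append((rule, f"remote {remote} is wider than documented source {role}"))
    return findings

# Constructed sample rule set, e.g. as exported from a cloud security group.
SAMPLE_RULES = [
    {"port": 5432, "direction": "ingress", "remote": "10.0.1.5/32"},  # matches table
    {"port": 5432, "direction": "ingress", "remote": "0.0.0.0/0"},    # database open to all
    {"port": 22, "direction": "ingress", "remote": "0.0.0.0/0"},      # SSH open to all
    {"port": 443, "direction": "egress", "remote": "0.0.0.0/0"},      # matches table
    {"port": 3306, "direction": "ingress", "remote": "10.0.1.5/32"},  # undocumented port
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(rule, "->", reason)
```
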

MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE Ports

| Port | Direction | Remote Source | Notes |
|---|---|---|---|
| 22 | Ingress (Optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 22 | Ingress/Egress | MGMTPOSTGRES_MASTER, MGMTPOSTGRES_SLAVE | For static file sync between the MGMTPOSTGRES master and slave VMs. |
| 80 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
| 443 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
| 5432 | Ingress | CCM_SA_PRIMARY, CCM_SA_SECONDARY | For incoming connection from the CCM standalone VM. |
| 5432 | Ingress/Egress | MGMTPOSTGRES_MASTER, MGMTPOSTGRES_SLAVE | For communication between master and slave database VMs. |
| 5405 (UDP) | Ingress/Egress | MGMTPOSTGRES_MASTER, MGMTPOSTGRES_SLAVE | For Pacemaker clustering between both database VMs to ensure high availability. |
| 2224 | Ingress/Egress | MGMTPOSTGRES_MASTER, MGMTPOSTGRES_SLAVE | For Pacemaker clustering between both database VMs to ensure high availability. |
| 3121 | Ingress/Egress | MGMTPOSTGRES_MASTER, MGMTPOSTGRES_SLAVE | For Pacemaker clustering between both database VMs to ensure high availability. |
| 21064 | Ingress/Egress | MGMTPOSTGRES_MASTER, MGMTPOSTGRES_SLAVE | For Pacemaker clustering between both database VMs to ensure high availability. |

CCM_SA_PRIMARY and CCM_SA_SECONDARY Ports

| Port | Direction | Remote Source | Notes |
|---|---|---|---|
| 80 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
| 443 | Ingress | CCM_LB | For incoming connection from the CCM load balancer VM. |
| 443 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
| 22 | Ingress (Optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 22 | Ingress/Egress | CCM_SA_PRIMARY or CCM_SA_SECONDARY | For static file sync between the CCM Primary and Secondary VMs. |
| 8443 | Ingress | CCM_LB | For incoming connection from CCM load balancer VM. |
| 8443 | Egress | CCO or CCO_LB | For communication to the CCO VMs. |
| 8443 | Egress (Optional) | Monitor | For communication to Monitor VM. |
| 5671 | Ingress/Egress (optional) | ESB API Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish programmatic access to the AMQP module – only required if you use the ESB functionality. |
| 15672 | Ingress/Egress (optional) | ESB UI Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish access to the AMQP module from the AMQP UI – only required if you use the ESB functionality. |
| 5703 | Ingress/Egress | CCM_SA_PRIMARY or CCM_SA_SECONDARY | For internal implementation to handle data in HA. |
| 5432 | Egress | MGMTPOSTGRES or MGMTPOSTGRES_VIP | For communication to the database. |
| 4560 | Egress | Logstash | To collect, process, and push the logs to the CCM and/or CCO. |
| 8881 | Egress | Elasticsearch | To download logs for the CCM and/or CCO. |

CCM_LB Ports

| Port | Direction | Remote Source | Notes |
|---|---|---|---|
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 80 | Ingress (optional) | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For HTTP to HTTPS redirection. |
| 80 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
| 443 | Egress | 0.0.0.0/0 | To download installer or appliance packages. |
| 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For UI/API access. |
| 443 | Egress | CCM_SA_PRIMARY and CCM_SA_SECONDARY | For communication with CCM primary and secondary VMs. |
| 8443 | Egress | CCM_SA_PRIMARY and CCM_SA_SECONDARY | For communication with CCM primary and secondary VMs. |
| 8443 | Ingress | CCO or CCO_LB | For communication from the CCO VM. |
| 8443 | Ingress (optional) | Monitor | For communication from the Monitor VM. |
| 8443 | Ingress | AMQP or AMQP_LB | For Web SSH/VNC through Guacamole. |

 

 
