
CCM Firewall Rules

CCM Ports

| Port | Direction | Remote Source | Notes |
| --- | --- | --- | --- |
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 80 | Ingress (optional) | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For HTTP to HTTPS redirection. |
| 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For UI/API access. |
| 4560 | Egress | Monitor | For ELK communication – Elasticsearch Port. |
| 5671 | Ingress/Egress (optional) | ESB API Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish programmatic access to the AMQP module – only required if you use the ESB functionality. |
| 8443 | Ingress | CCO or CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY; Monitor; AMQP or AMQP_PRIMARY and AMQP_SECONDARY | For two-way communication between the CCO and CCM, and between the Monitor and CCM. Required for all cloud regions supported by your CloudCenter deployment. For one-way communication from AMQP to CCM. |
| 8443 | Egress | CCO or CCO_LB; Monitor | |
| 8881 | Egress | Monitor | For ELK communication – Logstash Port. |
| 15672 | Ingress/Egress (optional) | ESB UI Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish access to the AMQP module from the AMQP UI – only required if you use the ESB functionality. |
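
One way to check a firewall rule set against the ingress rows of the CCM Ports table, as an added example rather than CloudCenter code. The role names, the address plan and the sample rules are constructed assumptions; only the port numbers and the open-versus-restricted split come from the table.

```python
import ipaddress

# Ingress rows of the CCM Ports table. "any" marks ports the table allows
# from 0.0.0.0/0; the other role names are hypothetical labels for the
# remote sources the table lists.
CCM_INGRESS = {
    22: {"ssh_admin"},
    80: {"any"},
    443: {"any"},
    5671: {"esb_api"},
    8443: {"cco", "monitor", "amqp"},
    15672: {"esb_ui"},
}

# Constructed address plan (assumption): networks that hold each role.
ROLE_NETS = {
    "ssh_admin": ["10.0.9.0/28"],
    "cco": ["10.0.1.10/32"],
    "monitor": ["10.0.1.20/32"],
    "amqp": ["10.0.1.30/32"],
    "esb_api": ["10.0.2.0/24"],
    "esb_ui": ["10.0.2.0/24"],
}

def audit_ingress(rules):
    """Return (port, cidr, reason) for each rule the table does not justify."""
    findings = []
    for port, cidr in rules:
        src = ipaddress.ip_network(cidr)
        roles = CCM_INGRESS.get(port)
        if roles is None:
            findings.append((port, cidr, "port not in CCM ingress table"))
            continue
        if "any" in roles:
            continue  # the table permits any browser source on this port
        allowed = [ipaddress.ip_network(n) for r in roles for n in ROLE_NETS[r]]
        if not any(src.subnet_of(a) for a in allowed):
            findings.append((port, cidr, "source wider than documented remote source"))
    return findings

# Constructed sample rule set, as (port, source CIDR) pairs.
SAMPLE_RULES = [
    (443, "0.0.0.0/0"),      # documented as open to browsers
    (22, "0.0.0.0/0"),       # SSH should be limited to the allowed source
    (8443, "10.0.1.10/32"),  # CCO address from the constructed plan
    (8443, "10.0.0.0/8"),    # broader than CCO, Monitor and AMQP
    (5432, "10.0.1.0/24"),   # database port, not a CCM ingress port
]

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_RULES):
        print(finding)
```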

CCM_SA Ports

| Port | Direction | Remote Source | Notes |
| --- | --- | --- | --- |
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 80 | Ingress (optional) | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For HTTP to HTTPS redirection. |
| 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For UI/API access. |
| 4560 | Egress | Monitor | For ELK communication – Elasticsearch Port. |
| 5432 | Egress | MGMTPOSTGRES | For communication to the database. |
| 5671 | Ingress/Egress (optional) | ESB API Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish programmatic access to the AMQP module – only required if you use the ESB functionality. |
| 8443 | Ingress | CCO or CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY; Monitor; AMQP or AMQP_PRIMARY and AMQP_SECONDARY | For two-way communication between the CCO and CCM, and between the Monitor and CCM. Required for all cloud regions supported by your CloudCenter deployment. For one-way communication from AMQP to CCM. |
| 8443 | Egress | CCO or CCO_LB; Monitor | |
| 8881 | Egress | Monitor | For ELK communication – Logstash Port. |
| 15672 | Ingress/Egress (optional) | ESB UI Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish access to the AMQP module from the AMQP UI – only required if you use the ESB functionality. |

CCM_SA_PRIMARY and CCM_SA_SECONDARY Ports

| Port | Direction | Remote Source | Notes |
| --- | --- | --- | --- |
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 22 | Ingress/Egress | CCM; CCM_SA_PRIMARY or CCM_SA_SECONDARY | To remotely configure the CCM from the CCO/AMQP config wizard. For static file sync between the CCM Primary and Secondary VMs. |
| 80 | Ingress (optional) | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For HTTP to HTTPS redirection. |
| 443 | Ingress | CCM_LB | For UI/API access. |
| 4560 | Egress | Monitor | For ELK communication – Elasticsearch Port. |
| 5432 | Egress | MGMTPOSTGRES | For communication to the database. |
| 5671 | Ingress/Egress (optional) | ESB API Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish programmatic access to the AMQP module – only required if you use the ESB functionality. |
| 5703 | Ingress/Egress | CCM_SA_PRIMARY or CCM_SA_SECONDARY | For internal implementation to handle data in HA. |
| 8443 | Ingress | CCO or CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY; CCM_LB; Monitor; AMQP or AMQP_PRIMARY and AMQP_SECONDARY | For two-way communication between the CCO and CCM, and between the Monitor and CCM. Required for all cloud regions supported by your CloudCenter deployment. For one-way communication from AMQP to CCM. |
| 8443 | Egress | CCO or CCO_LB; Monitor | |
| 8881 | Egress | Monitor | For ELK communication – Logstash Port. |
| 15672 | Ingress/Egress (optional) | ESB UI Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish access to the AMQP module from the AMQP UI – only required if you use the ESB functionality. |

MGMTPOSTGRES Ports

| Port | Direction | Remote Source | Notes |
| --- | --- | --- | --- |
| 22 | Ingress (Optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 5432 | Ingress | CCM_SA | For incoming connection from a CCM standalone VM. |

MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE Ports

| Port | Direction | Remote Source | Notes |
| --- | --- | --- | --- |
| 22 | Ingress (Optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 22 | Ingress/Egress | MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE | For static file sync between the MGMTPOSTGRES master and slave VMs. |
| 2224 | Ingress/Egress | MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE | For Pacemaker clustering between both database VMs to ensure high availability. |
| 3121 | | | |
| 5432 | Ingress | CCM_SA_PRIMARY and CCM_SA_SECONDARY | For incoming connection from the CCM standalone VM. |
| 5432 | Ingress/Egress | MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE | For communication between master and slave database VMs. |
| 5405 (UDP) | Ingress/Egress | MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE | |
| 21064 | Ingress/Egress | MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE | For Pacemaker clustering between both database VMs to ensure high availability. |

CCM_LB Ports

| Port | Direction | Remote Source | Notes |
| --- | --- | --- | --- |
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 80 | Ingress (optional) | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For HTTP to HTTPS redirection. |
| 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For UI/API access. |
| 443 | Egress | CCM_SA_PRIMARY and CCM_SA_SECONDARY | For communication with CCM primary and secondary VMs. |
| 8443 | Egress | CCM_SA_PRIMARY and CCM_SA_SECONDARY | For communication with CCM primary and secondary VMs. |
| 8443 | Ingress | CCO or CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY; Monitor; AMQP or AMQP_PRIMARY and AMQP_SECONDARY | For communication from the CCO, AMQP, and Monitor VMs. |
