CliQr is now part of Cisco Learn More About Cisco

CCO Firewall Rules                                                                    

CCO Ports

Port

Direction

Remote Source

Notes

8443   

Ingress/
Egress

  • CCM or
  • CCM_SA or
  • CCM_SA_PRIMARY and CCM_SA_SECONDARY
  • Monitor

For two-way communication between the CCO and CCM VMs.

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

Egress0.0.0.0/0To download installer or appliance packages.
443Egress0.0.0.0/0To download installer or appliance packages.

All

Egress (Conditional)

Cloud Region EndPoints, Script Sources

For cloud region endpoint access and for downloading scripts/packages defined in external services.

2375

Egress (Conditional)

  • Only for CloudCenter 4.6.x and earlier
  • Not used for CloudCenter 4.7.x and later

EXT_SCRIPT_EXECUTOR

For Docker container engine access to execute external scripts.

2376Egress (Conditional)
  • Only for CloudCenter 4.7.x and later
  • Not used for CloudCenter 4.6.x and earlier
EXT_SCRIPT_EXECUTORFor Docker container engine access to execute external scripts.

CCO_PRIMARY, SECONDARY, and TERTIARY Ports

Port

Direction

Remote Source

Notes

8443   

Ingress/
Egress

  • CCO_LB
  • Monitor

For two-way communication between the CCO and CCM VMs.

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

80Egress0.0.0.0/0To download installer or appliance packages.
443Egress0.0.0.0/0To download installer or appliance packages.

All

Egress (Conditional)

Cloud Region Endpoints, Script Sources

For cloud region endpoint access and for downloading scripts/packages defined in external services.

2376

Egress (Conditional)

EXT_SCRIPT_EXECUTOR

For Docker container engine access to execute external scripts.

5701

Ingress/Egress

CCO_PRIMARY
CCO_SECONDARY
CCO_TERTIARY

For internal implementation to handle data in HA.

27017

Ingress

CCO_PRIMARY
CCO_SECONDARY
CCO_TERTIARY

For the MongoDB connection

CCO_LB Ports

Port

Direction

Remote Source

Notes

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

80Egress0.0.0.0/0To download installer or appliance packages.
443Egress0.0.0.0/0To download installer or appliance packages.

8443

Ingress

  • CCM or
  • CCM_SA or
  • CCM_PRIMARY, CCM_SECONDARY

For communication to the CCO from the CCM VMs.

Egress

  • CCO or
  • CCO_PRIMARY, CCO_SECONDARY, and CCM_TERTIARY
  • Monitor

For communication to CCO VMs from the CCO load balancer.

 

 

 

  • No labels