CliQr is now part of Cisco Learn More About Cisco

Firewall Rules


In this phase, you must setup firewall/network rules to enable communication across various components.


The network settings in this page provide the minimal port requirements for inter-component communication.

Production environments typically are secured by only allowing communication through the ports specified in this section.


In environments where all the components can communicate with each other via any port (typically POC environments or private datacenters), be aware that you must configure the firewall rules or security groups based on your enterprise requirements – do not expose unnecessary ports to the external network or the publicly-available internet.


For each CloudCenter component, you may configure both Ingress and Egress rules.

If you open all traffic for Egress rules (by setting the IP address range to and allow all browsers to access each VM, then you do not need to follow the Egress rule port requirements for each component.

See Virtual Appliance Overview > Modes for ports used for in each network architecture example.

Security Groups

For AWS or OpenStack, the network rules are configured using security groups. For all other clouds, follow the cloud-specific nuances identified in Phase 1: Prepare Infrastructure for each cloud.

  • All port requirements use TCP protocol. The only exception is Port 5405 as it uses the UDP protocol (see CCM Firewall Rules).
  • For all communication between the components and HTTPS access, use TLS as the SSL protocol.

Once you configure the security groups, accurately, the JSON file should pass without any errors.

Proxy Settings

If you need a proxy server to connect to the internet, be sure to configure the Proxy setting for the CCM and CCO server in Phase 4: Install Components.


If you configure a load balancer for any CloudCenter component, be aware that the firewalId is enabled by default and you must explicitly disable it to ensure that the CloudCenter component(s) can communicate with the load balancer.