CliQr is now part of Cisco Learn More About Cisco

Monitor Firewall Rules

MON Ports

Port

Direction

Remote Source

Notes

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

80Egress0.0.0.0./0To download installer or appliance packages.
443Egress0.0.0.0/0To download installer or appliance packages.
4560Ingress
  • CCM_IP or
    CCM_PRIMARY_IP and  CCM_SECONDARY_IP
  • CCO_IP or
    CCO_PRIMARY_IP, CCO_SECONDARY_IP, and CCO_TERTIARY_IP
(Logstash) To collect, process, and push the logs to the CCM and/or CCO.
8881Ingress
  • CCM_IP or
    CCM_PRIMARY_IP and  CCM_SECONDARY_IP
  • CCO_IP or
    CCO_PRIMARY_IP, CCO_SECONDARY_IP, and CCO_TERTIARY_IP
(Elasticsearch) To download logs for the CCM and/or CCO.
8882IngressPublic browser accessTo view the logs in the Kibana console.

8443

 

Ingress/ Egress

  • CCM or
  • CCM_SA or
  • CCM_SA_PRIMARY, CCM_SA_SECONDARY, and CCM_LB

For two-way communication between the CCM and Monitor VMs.

Egress

CCO or CCO_LB

For access to the CCO VM.

  • No labels