Network Firewall Requirements for OpenStack
The following are the network firewall requirements for OpenStack.
| Direction | Ether Type | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|---|
| GigaVUE‑FM | | | | | |
| Inbound | HTTPS | TCP | 443 | Any IP address | Allows users to connect to the GigaVUE‑FM GUI. |
| Inbound | IPv4 | UDP | 53 | Any IP address | Allows GigaVUE‑FM to communicate with standard DNS server |
| Outbound (optional) | Custom TCP Rule | TCP | 8890 | V Series Proxy IP | Allows GigaVUE‑FM to communicate with V Series Proxy |
| Outbound | Custom TCP Rule | TCP | 8889 | V Series 2 Node IP | Allows GigaVUE‑FM to communicate with V Series node |
| G-vTAP Controller | | | | | |
| Inbound | Custom TCP Rule | TCP | 9900 | Custom GigaVUE-FM IP | Allows GigaVUE-FM to communicate with G-vTAP Controllers |
| Inbound (This is the port used for Third Party Orchestration) | Custom TCP Rule | TCP(6) | 8891 | G-vTAP Agent or Subnet IP | Allows G-vTAP Controller to communicate the registration requests from G-vTAP Agent. |
| Outbound (This is the port used for Third Party Orchestration) | Custom TCP Rule | TCP(6) | 443 | GigaVUE‑FM IP | Allows G-vTAP Controller to communicate the registration requests to GigaVUE-FM |
| G-vTAP Agent | | | | | |
| Inbound | Custom TCP Rule | TCP | 9901 | Custom G-vTAP Controller IP | Allows G-vTAP Controllers to communicate with G-vTAP Agents |
| Outbound (This is the port used for Third Party Orchestration) | Custom TCP Rule | TCP(6) | 8891 | G-vTAP Agent or Subnet IP | Allows G-vTAP Agent to communicate with G-vTAP Controller for registration and Heartbeat |
| G-vTAP OVS Controller | | | | | |
| Inbound | Custom TCP Rule | TCP | 9900 | Custom GigaVUE-FM IP | Allows GigaVUE-FM to communicate with G-vTAP OVS Controllers |
| G-vTAP OVS Agent | | | | | |
| Inbound | Custom TCP Rule | TCP | 9901 | Custom G-vTAP OVS Controller IP | Allows G-vTAP OVS Controllers to communicate with G-vTAP OVS Agents |
| GigaVUE V Series Proxy | | | | | |
| Inbound | IPv4 | TCP | 8890 | GigaVUE‑FM IP address | Allows GigaVUE‑FM to communicate with GigaVUE V Series Proxies. |
| Outbound | Custom TCP Rule | TCP | 8889 | V Series 2 node IP | Allows V Series Proxy to communicate with V Series node |
| GigaVUE V Series 2 Node | | | | | |
| Inbound | Custom TCP Rule | TCP(6) | 8889 | GigaVUE V Series Proxy IP address | Allows GigaVUE V Series Proxies to communicate with GigaVUE V Series nodes |
| Outbound | IPv4 | TCP | 8890 | GigaVUE‑FM IP address | Allows GigaVUE V Series Node to communicate with GigaVUE V Series Proxy |
| Outbound | Custom UDP Rule | UDP | | Tool IP | Allows V Series node to communicate and tunnel traffic to the Tool |

| Network | Purpose |
|---|---|
| Management | Identify the subnets that GigaVUE‑FM uses to communicate with the GigaVUE V Series nodes and controllers. |
| Data | Identify the subnets that receive the mirrored tunnel traffic from the monitored instances. In the data network, if a tool subnet is selected, the V Series node egresses traffic to the destinations or tools. |
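
The G-vTAP Controller rows of the firewall table, expressed as OpenStack security group rules. This is an added example, not part of the Gigamon documentation: the function names, the group name `gvtap-controller-sg` and the addresses are constructed placeholders, and `--ethertype IPv4` is an assumption because the table lists "Custom TCP Rule" in that column. The script only prints the commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Added example: print (do not run) the security group rule commands for the
# G-vTAP Controller rows of the table. Group name and addresses are constructed.

# rule DIRECTION PROTOCOL PORT CIDR GROUP DESCRIPTION
# Maps one table row to one `openstack security group rule create` command.
rule() {
    case "$1" in
        inbound)  dir=--ingress ;;
        outbound) dir=--egress ;;
        *) echo "unknown direction: $1" >&2; return 1 ;;
    esac
    # Every G-vTAP Controller row names a specific peer, so an empty or
    # any-address CIDR here means a placeholder was never filled in.
    case "$4" in
        0.0.0.0/0|::/0|'') echo "refusing open CIDR for port $3" >&2; return 1 ;;
    esac
    # --ethertype IPv4 is an assumption (see lead-in).
    printf 'openstack security group rule create %s --ethertype IPv4 --protocol %s --dst-port %s --remote-ip %s --description "%s" %s\n' \
        "$dir" "$2" "$3" "$4" "$6" "$5"
}

# gvtap_controller_rules GROUP FM_CIDR AGENT_CIDR
# Emits the three G-vTAP Controller rows: 9900 in, 8891 in, 443 out.
gvtap_controller_rules() {
    rule inbound  tcp 9900 "$2" "$1" "GigaVUE-FM to G-vTAP Controller" &&
    rule inbound  tcp 8891 "$3" "$1" "G-vTAP Agent registration (Third Party Orchestration)" &&
    rule outbound tcp 443  "$2" "$1" "Registration requests to GigaVUE-FM"
}

# Constructed sample values (RFC 5737 documentation ranges).
gvtap_controller_rules gvtap-controller-sg 192.0.2.10/32 198.51.100.0/24
```

A newly created OpenStack security group already contains allow-all egress rules, so the outbound row restricts traffic only after those default rules are deleted from the group.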