Network Firewall Requirements

The following are the network firewall requirements for Gigamon fabrics in Nutanix deployments.

GigaVUE-FM

| Direction | Type | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|---|
| Inbound | HTTPS | TCP | 443 | Anywhere (Any IP) | Allows GigaVUE® V Series Nodes, GigaVUE V Series Proxy, and GigaVUE‑FM administrators to communicate with GigaVUE‑FM |
| Inbound | SSH | TCP | 22 | Anywhere (Any IP) | Allows GigaVUE® V Series Nodes, GigaVUE V Series Proxy, and GigaVUE‑FM administrators to communicate with GigaVUE‑FM |
| Outbound (optional) | Custom TCP Rule | TCP | 8890 | GigaVUE V Series Proxy IP | Allows GigaVUE‑FM to communicate with GigaVUE V Series Proxy |
| Outbound | Custom TCP Rule | TCP | 8889 | GigaVUE V Series Node IP | Allows GigaVUE‑FM to communicate with GigaVUE V Series Node |
| Outbound | Custom TCP Rule | TCP | 9440 | Prism Central IP, Prism Element IP | Allows GigaVUE‑FM to communicate with Prism Central and Prism Element. |

GigaVUE V Series Node

| Direction | Type | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|---|
| Inbound | Custom TCP Rule | TCP | 9903 | GigaVUE V Series Proxy IP | Allows GigaVUE V Series Proxy to communicate with GigaVUE® V Series Nodes |
| Inbound | UDP | UDPGRE | 4754 | Ingress Tunnel | Allows the UDPGRE tunnel to communicate and tunnel traffic to GigaVUE V Series Nodes |
| Outbound | Custom TCP Rule | TCP | 5671 | GigaVUE‑FM IP | Allows GigaVUE® V Series Node to communicate and tunnel traffic to the Tool |
| Outbound | Custom UDP Rule | UDP (VXLAN); IP Protocol (L2GRE) | VXLAN (default 4789); L2GRE (IP 47) | Tool IP | Allows GigaVUE® V Series Node to communicate and tunnel traffic to the Tool |
| Outbound (optional) | Custom ICMP Rule | ICMP | echo request; echo reply | Tool IP | Allows GigaVUE® V Series Node to health check the tunnel destination traffic. |

GigaVUE V Series Proxy (optional)

| Direction | Type | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|---|
| Inbound | Custom TCP Rule | TCP | 8890 | GigaVUE‑FM IP | Allows GigaVUE‑FM to communicate with GigaVUE V Series Proxy |
| Outbound | Custom TCP Rule | TCP | 8889 | GigaVUE V Series Node IP | Allows GigaVUE‑FM to communicate with GigaVUE V Series Node |