Network Firewall Requirement
The following table lists the Network Firewall Requirements for GigaVUE V Series 2 Node deployment.
| Direction | Type | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|---|
| **GigaVUE‑FM** | | | | | |
| Inbound | | TCP | | Administrator Subnet | Management connection to GigaVUE‑FM |
| Inbound | Custom TCP Rule | TCP | 5671 | V Series 2 Node IP | Allows GigaVUE V Series 2 Nodes to send traffic health updates to GigaVUE‑FM. Allows Next Generation G-vTAP Agents to send statistics to GigaVUE-FM. |
| Outbound | Custom TCP Rule | TCP(6) | 9900 | GigaVUE‑FM IP | Allows G-vTAP Controller to communicate with GigaVUE‑FM |
| Outbound (optional) | Custom TCP Rule | TCP | 8890 | V Series Proxy IP | Allows GigaVUE‑FM to communicate with V Series Proxy |
| Outbound | Custom TCP Rule | TCP | 8889 | V Series 2 Node IP | Allows GigaVUE‑FM to communicate with GigaVUE V Series node |
| **G-vTAP Controller** | | | | | |
| Inbound | Custom TCP Rule | TCP(6) | 9900 | GigaVUE‑FM IP | Allows G-vTAP Controller to communicate with GigaVUE‑FM |
| Inbound (This is the port used for Third Party Orchestration) | Custom TCP Rule | TCP(6) | 8891 | G-vTAP Agent or Subnet IP | Allows G-vTAP Controller to communicate the registration requests from G-vTAP Agent. |
| Outbound (This is the port used for Third Party Orchestration) | Custom TCP Rule | TCP(6) | 443 | GigaVUE‑FM IP | Allows G-vTAP Controller to communicate the registration requests to GigaVUE-FM |
| Outbound | Custom TCP Rule | TCP(6) | 9901 | G-vTAP Controller IP | Allows G-vTAP Controller to communicate with G-vTAP Agents |
| Outbound | Custom TCP Rule | TCP | 5671 | GigaVUE-FM IP | Allows G-vTAP Controller to send traffic health updates to GigaVUE-FM. |
| **G-vTAP Agent** | | | | | |
| Inbound | Custom TCP Rule | TCP(6) | 9901 | G-vTAP Controller IP | Allows G-vTAP Agents to communicate with G-vTAP Controller |
| Outbound (This is the port used for Third Party Orchestration) | Custom TCP Rule | TCP(6) | 8891 | G-vTAP Agent or Subnet IP | Allows G-vTAP Agent to communicate with G-vTAP Controller for registration and Heartbeat |
| Outbound | | | VXLAN (default 4789) | G-vTAP Agent or Subnet IP | Allows G-vTAP Agents to (VXLAN/L2GRE) tunnel traffic to V Series nodes |
| **GigaVUE V Series Proxy (optional)** | | | | | |
| Inbound | Custom TCP Rule | TCP | 8890 | GigaVUE‑FM IP | Allows GigaVUE‑FM to communicate with V Series Proxy |
| Outbound | Custom TCP Rule | TCP | 8889 | V Series 2 node IP | Allows V Series Proxy to communicate with V Series node |
| **GigaVUE V Series 2 Node** | | | | | |
| Inbound | Custom TCP Rule | TCP | 8889 | | Allows V Series Proxy or GigaVUE-FM to communicate with V Series node |
| Inbound | | | | G-vTAP Agent or Subnet IP | Allows G-vTAP Agents to (VXLAN/L2GRE) tunnel traffic to V Series nodes |
| Inbound | UDP | UDPGRE | 4754 | Ingress Tunnel | Allows the UDPGRE tunnel to communicate and tunnel traffic to V Series nodes |
| Outbound | Custom TCP Rule | TCP | 5671 | GigaVUE-FM IP | Allows GigaVUE V Series Node to send traffic health updates to GigaVUE‑FM |
| Outbound | Custom UDP Rule | | VXLAN (default 4789) | Tool IP | Allows V Series node to communicate and tunnel traffic to the Tool |
| Outbound (optional) | ICMP | ICMP | | Tool IP | Allows V Series node to health check tunnel destination traffic |
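
One way to check a deployed rule set against the inbound rows of this table is sketched below. It is an added example, not Gigamon code: it flags rules whose source is wider than the peer the table names, rules for ports the table does not list (to be reviewed, not necessarily removed), and required rules that are missing. The role names, the `audit_inbound` helper and all addresses are constructed for illustration, and only inbound rows that state both a port and a source are encoded.

```python
import ipaddress

# Inbound rows of the table that give both a port and a source.
# component -> {(protocol, port): role of the permitted source}
REQUIRED_INBOUND = {
    "fm": {("tcp", 5671): "vseries"},
    "controller": {("tcp", 9900): "fm", ("tcp", 8891): "agents"},
    "agent": {("tcp", 9901): "controller"},
    "proxy": {("tcp", 8890): "fm"},
}

# Constructed addressing for the example; replace with your own.
PEERS = {"fm": "10.0.0.10/32", "controller": "10.0.1.20/32",
         "agents": "10.0.2.0/24", "vseries": "10.0.3.0/28"}

# Constructed rule set for a G-vTAP Controller: (protocol, port, source CIDR).
SAMPLE_CONTROLLER_RULES = [
    ("tcp", 9900, "10.0.0.10/32"),
    ("tcp", 8891, "0.0.0.0/0"),   # right port, source far wider than the agents
    ("tcp", 22, "0.0.0.0/0"),     # a port that this table does not list
]

def audit_inbound(component, rules, peers=PEERS):
    """Return sorted (finding, protocol, port, cidr) tuples for one component."""
    required = REQUIRED_INBOUND[component]
    findings, covered = [], set()
    for proto, port, cidr in rules:
        key = (proto.lower(), port)
        role = required.get(key)
        if role is None:
            findings.append(("UNLISTED", key[0], port, cidr))
            continue
        src = ipaddress.ip_network(cidr, strict=False)
        allowed = ipaddress.ip_network(peers[role])
        same_family = src.version == allowed.version
        if same_family and src.overlaps(allowed):
            covered.add(key)  # the required peer can reach the port
        if not (same_family and src.subnet_of(allowed)):
            findings.append(("SOURCE_OUTSIDE_PEER", key[0], port, cidr))
    for proto, port in required.keys() - covered:
        findings.append(("MISSING", proto, port, peers[required[(proto, port)]]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_inbound("controller", SAMPLE_CONTROLLER_RULES):
        print(*finding)
```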