Network Firewall Requirements

The following are the network firewall requirements for Gigamon fabrics in Nutanix deployments.

GigaVUE‑FM

| Direction | Type | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|---|
| Inbound | HTTPS | TCP | 443 | Anywhere (Any IP) | Allows GigaVUE® V Series Nodes, GigaVUE V Series Proxy, and GigaVUE‑FM administrators to communicate with GigaVUE‑FM |
| Inbound | SSH | TCP | 22 | Anywhere (Any IP) | Allows GigaVUE® V Series Nodes, GigaVUE V Series Proxy, and GigaVUE‑FM administrators to communicate with GigaVUE‑FM |
| Outbound (optional) | Custom TCP Rule | TCP | 8890 | GigaVUE V Series Proxy IP | Allows GigaVUE‑FM to communicate with GigaVUE V Series Proxy |
| Outbound | Custom TCP Rule | TCP | 8889 | GigaVUE V Series Node IP | Allows GigaVUE‑FM to communicate with GigaVUE V Series Node |
| Outbound | Custom TCP Rule | TCP | 9440 | Prism Central IP, Prism Element IP | Allows GigaVUE‑FM to communicate with Prism Central and Prism Element |

GigaVUE V Series Node

| Direction | Type | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|---|
| Inbound | Custom TCP Rule | TCP | 9903 | GigaVUE V Series Proxy IP | Allows GigaVUE V Series Proxy to communicate with GigaVUE® V Series Nodes |
| Inbound | UDP | UDPGRE | 4754 | Ingress Tunnel | Allows the UDPGRE tunnel to communicate and tunnel traffic to GigaVUE V Series Nodes |
| Outbound | Custom TCP Rule | TCP | 5671 | GigaVUE‑FM IP | Allows GigaVUE® V Series Node to communicate and tunnel traffic to the Tool |
| Outbound | Custom UDP Rule | UDP (VXLAN), IP Protocol (L2GRE) | VXLAN (default 4789), L2GRE (IP 47) | Tool IP | Allows GigaVUE® V Series Node to communicate and tunnel traffic to the Tool |
| Outbound (optional) | Custom ICMP Rule | ICMP | echo request, echo reply | Tool IP | Allows GigaVUE® V Series Node to health check the tunnel destination traffic |

GigaVUE V Series Proxy (optional)

| Direction | Type | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|---|
| Inbound | Custom TCP Rule | TCP | 8890 | GigaVUE‑FM IP | Allows GigaVUE‑FM to communicate with GigaVUE V Series Proxy |
| Outbound | Custom TCP Rule | TCP | 8889 | GigaVUE V Series Node IP | Allows GigaVUE‑FM to communicate with GigaVUE V Series Node |
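
One way to check a firewall ruleset against the GigaVUE‑FM rows above is sketched below. This is an added example, not Gigamon code: the `Rule` type, the function names, the administrator source address and all IP addresses are assumptions constructed for illustration. It reports required flows that no rule permits, rules the table does not call for, and inbound rules still open to any source.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    direction: str  # "in" or "out", relative to the GigaVUE-FM host
    proto: str      # "tcp" or "udp"
    port: int
    cidr: str       # remote peer network


def fm_required_flows(node_ips, prism_ips, admin_ips, proxy_ip=None):
    """GigaVUE-FM rows of the table as (direction, proto, port, peer) tuples."""
    clients = [*node_ips, *admin_ips] + ([proxy_ip] if proxy_ip else [])
    flows = [("in", "tcp", port, ip) for port in (443, 22) for ip in clients]
    flows += [("out", "tcp", 8889, ip) for ip in node_ips]
    flows += [("out", "tcp", 9440, ip) for ip in prism_ips]
    if proxy_ip:  # the proxy row is optional
        flows.append(("out", "tcp", 8890, proxy_ip))
    return flows


def permits(rule, flow):
    direction, proto, port, peer = flow
    return (rule.direction, rule.proto, rule.port) == (direction, proto, port) \
        and ipaddress.ip_address(peer) in ipaddress.ip_network(rule.cidr)


def audit(rules, flows):
    """Return (flows no rule permits, rules no flow needs, any-source inbound rules)."""
    missing = [f for f in flows if not any(permits(r, f) for r in rules)]
    unused = [r for r in rules if not any(permits(r, f) for f in flows)]
    open_inbound = [r for r in rules if r.direction == "in"
                    and ipaddress.ip_network(r.cidr).prefixlen == 0]
    return missing, unused, open_inbound


# Constructed sample data (RFC 5737 documentation addresses), not from the page.
FLOWS = fm_required_flows(node_ips=["192.0.2.11", "192.0.2.12"],
                          prism_ips=["198.51.100.5"], admin_ips=["203.0.113.20"])
RULES = [
    Rule("in", "tcp", 443, "0.0.0.0/0"),        # left at the table's "Anywhere"
    Rule("in", "tcp", 22, "203.0.113.0/24"),    # narrowed to admins, nodes forgotten
    Rule("out", "tcp", 8889, "192.0.2.0/24"),
    Rule("out", "tcp", 9440, "198.51.100.5/32"),
    Rule("out", "tcp", 3306, "0.0.0.0/0"),      # stray rule the table does not call for
]

if __name__ == "__main__":
    for label, items in zip(("missing", "not required", "any-source inbound"),
                            audit(RULES, FLOWS)):
        print(label + ":", items)
```

In the sample, narrowing SSH to the administrator subnet drops the V Series Nodes that the table also lists as SSH peers, so those two flows are reported as missing.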