AMQP Firewall Rules

AMQP Ports

| Port | Direction | Remote Source | Notes |
|------|-----------|---------------|-------|
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For SSH/VNC and RDP access of launched VMs. |
| 5671 | Ingress | CCO or CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY; Worker VM IP Range | For communication from the CCO VM and from launched VMs. |
| 7788 | Ingress/Egress | AMQP | For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection. |
| 7789 | Ingress | Worker VM IP Range | For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection. |
| 8443 | Egress | CCM or CCM_SA or CCM_LB; CCO or CCO_LB | For SSH/VNC access of launched VMs. Guacamole server on AMQP VM communicates to the CCM and CCO VMs via this port. |
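
The ingress rows of the standalone AMQP Ports table above can be checked against the rules actually configured on the AMQP VM's security group. The following is an added example, not part of the original page or the product: it flags rules that are broader than the table permits and lists required sources that no rule admits. All IP addresses and the sample rule set are constructed placeholders.

```python
import ipaddress

# Constructed placeholder addresses (assumptions); use your deployment's values.
CCO, WORKERS = "10.0.1.10/32", "10.0.8.0/21"
SSH_ADMIN, AMQP_SELF, ANY = "10.0.0.5/32", "10.0.2.20/32", "0.0.0.0/0"

# Ingress rows of the standalone "AMQP Ports" table: port -> permitted sources.
AMQP_INGRESS = {22: [SSH_ADMIN], 443: [ANY], 5671: [CCO, WORKERS],
                7788: [AMQP_SELF], 7789: [WORKERS]}
OPTIONAL_PORTS = {22}  # the table marks SSH ingress as optional

def _within(inner, outer):
    """True if network `inner` lies entirely inside network `outer`."""
    a = ipaddress.ip_network(inner, strict=False)
    b = ipaddress.ip_network(outer, strict=False)
    return a.version == b.version and a.subnet_of(b)

def audit(rules, policy=AMQP_INGRESS):
    """Flag configured ingress rules that the table does not permit."""
    findings = []
    for port, cidr in rules:
        allowed = policy.get(port)
        if allowed is None:
            findings.append((port, cidr, "port not in table"))
        elif not any(_within(cidr, src) for src in allowed):
            findings.append((port, cidr, "source outside permitted range"))
    return findings

def uncovered(rules, policy=AMQP_INGRESS):
    """List required (port, source) pairs that no configured rule admits."""
    return [(port, src)
            for port, srcs in policy.items() if port not in OPTIONAL_PORTS
            for src in srcs
            if not any(p == port and _within(src, cidr) for p, cidr in rules)]

# Constructed sample of configured ingress rules: (port, source CIDR).
SAMPLE_RULES = [(22, "10.0.0.5/32"), (443, "0.0.0.0/0"), (5671, "0.0.0.0/0"),
                (7789, "10.0.8.0/24"), (25672, "10.0.0.0/8")]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("VIOLATION", *finding)
    for port, src in uncovered(SAMPLE_RULES):
        print("MISSING  ", port, src)
```

In the sample, 5671 is open to every address instead of only the CCO and worker range, and 25672 (a clustering port from the AMQP_PRIMARY and AMQP_SECONDARY table) is open on a standalone AMQP VM where the table does not list it.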

AMQP_PRIMARY and AMQP_SECONDARY Ports

| Port | Direction | Remote Source | Notes |
|------|-----------|---------------|-------|
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| | Ingress/Egress | AMQP_PRIMARY and AMQP_SECONDARY | To remotely configure the AMQP instance from another AMQP instance. |
| 443 | Ingress | AMQP_LB | For SSH/VNC and RDP access of launched VMs. |
| 4369 | Ingress/Egress | AMQP_PRIMARY and AMQP_SECONDARY | For communication between AMQP primary and secondary VMs. |
| 5671 | Ingress | CCO or CCO_LB; Worker VM IP Range; AMQP_LB | For communication from the CCO VM and from launched VMs. |
| 7788 | Ingress/Egress | AMQP_LB | For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection. |
| 7789 | Ingress | Worker VM IP Range | For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection. |
| 8443 | Egress | CCM or CCM_SA or CCM_LB; CCO or CCO_LB | For SSH/VNC access of launched VMs. Guacamole server on AMQP communicates to CCM and CCO on this port. |
| 25672 | Ingress/Egress | AMQP_PRIMARY and AMQP_SECONDARY | For communication between AMQP primary and secondary VMs. |

AMQP_LB Ports

| Port | Direction | Remote Source | Notes |
|------|-----------|---------------|-------|
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For SSH/VNC access of launched VMs. Done through reverse proxy. |
| | Egress | AMQP_PRIMARY and AMQP_SECONDARY | |
| 5671 | Ingress | CCO or CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY; Application (Worker) VM IP range | For communication from the CCO VM and from launched VMs. |
| | Egress | AMQP_PRIMARY and AMQP_SECONDARY | For communication between AMQP primary and secondary VMs. |
| 7788 | Ingress | AMQP_PRIMARY and AMQP_SECONDARY | For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection. |
| 7789 | Ingress | Worker VM IP Range | For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection. |

 

 

 
