CloudCenter 4.8 has reached End of Life (EOL) as of November 14, 2018. See End of Support Notices for additional context.

CCO Firewall Rules

CCO Ports

| Port | Direction | Remote Source | Notes |
|------|-----------|---------------|-------|
| All | Egress (Conditional) | Cloud Region EndPoints, Script Sources | For cloud region endpoint access and for downloading scripts/packages defined in external services. |
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 4560 | Egress | Monitor | For ELK communication – Elasticsearch Port. |
| 8443 | Ingress/Egress | CCM, or CCM_SA, or CCM_SA_PRIMARY and CCM_SA_SECONDARY | For two-way communication between the CCO and CCM VMs. |
|  | Ingress | Monitor; AMQP, or AMQP_PRIMARY and AMQP_SECONDARY | For CCO communication. |
| 8881 | Egress | Monitor | For ELK communication – Logstash Port. |
| 443 | Egress | Public cloud provider API | For the CCO to communicate with the cloud SDK or REST API interface – to white list URLs, refer to the applicable cloud provider documentation. |

CCO_PRIMARY, SECONDARY, and TERTIARY Ports

| Port | Direction | Remote Source | Notes |
|------|-----------|---------------|-------|
| All | Egress (conditional) | Cloud Region Endpoints, Script Sources | For cloud region endpoint access and for downloading scripts/packages defined in external services. |
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
|  | Ingress/Egress | CCO_PRIMARY; CCO_SECONDARY; CCO_TERTIARY | To remotely configure the CCO from the CCM/AMQP config wizard. |
| 4560 | Egress | Monitor | For ELK communication – Elasticsearch Port. |
| 5701 | Ingress/Egress | CCO_PRIMARY; CCO_SECONDARY; CCO_TERTIARY | For internal implementation to handle data in HA. |
| 8443 | Ingress | Monitor; AMQP, or AMQP_PRIMARY and AMQP_SECONDARY; CCO_LB | For CCO communication. |
| 8881 | Egress | Monitor | For ELK communication – Logstash Port. |
| 27017 | Ingress | CCO_PRIMARY; CCO_SECONDARY; CCO_TERTIARY | For the MongoDB connection |
| 443 | Egress | Public cloud provider interface | For the CCO to communicate with the cloud SDK or REST API interface – to white list URLs, refer to the applicable cloud provider documentation. |

CCO_LB Ports

| Port | Direction | Remote Source | Notes |
|------|-----------|---------------|-------|
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 8443 | Ingress | CCM, or CCM_SA, or CCM_SA_PRIMARY and CCM_SA_SECONDARY; AMQP_PRIMARY and AMQP_SECONDARY; Monitor | For communication to the CCO from the CCM VMs. |
|  | Egress | CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY | For communication to CCO VMs from the CCO load balancer. |




© 2017-2019 Cisco Systems, Inc. All rights reserved