CloudCenter 4.8 has reached End of Life (EOL) as of November 14, 2018. See End of Support Notices for additional context.

AMQP Firewall Rules

AMQP Ports

Port

Direction

Remote Source

Notes

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

443Ingress

0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access)

For SSH/VNC and RDP access of launched VMs.

Not applicable to Container Clouds.

EgressAMQP access to the CCMGuacamole server on AMQP VM communicates to the CCM VMs via this port.

5671

Ingress

  • CCO or
  • CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY
  • Worker VM IP Range

For communication from the CCO VM and from launched VMs.

Not applicable to Container Clouds.

7788Ingress/EgressAMQP

For SSH/VNC access of launched VMs. Done through reverse proxy. Done through reverse proxy for loop back connection. Not configurable.

7789

Ingress

Worker VM IP Range

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection. Not configurable.

Not applicable to Container Clouds.

8443

Egress

CCO or  CCO_LB

For SSH/VNC access of launched VMs. Guacamole server on AMQP VM communicates to the CCO VMs via this port.

AMQP_PRIMARY and AMQP_SECONDARY Ports

Port

Direction

Remote Source

Notes

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

Ingress/EgressAMQP_PRIMARY and AMQP_SECONDARYTo remotely configure the AMQP instance from another AMQP instance.
443Ingress
  • AMQP_LB
  • AMQP access to the CCM

For SSH/VNC and RDP access of launched VMs.

Not applicable to Container Clouds.

EgressAMQP access to the CCMGuacamole server on AMQP VM communicates to the CCM VMs via this port.
4369Ingress/EgressAMQP_PRIMARY and AMQP_SECONDARYFor communication between AMQP primary and secondary VMs.

5671

Ingress

  • CCO or CCO_LB
  • Worker VM IP Range
  • AMQP_LB

For communication from the CCO VM and from launched VMs

Not applicable to Container Clouds.

7788Ingress/Egress

AMQP_LB

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

7789

Ingress

Worker VM IP Range

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

Not applicable to Container Clouds.

8443

Egress

  • CCO or
  • CCO_LB

For SSH/VNC access of launched VMs. Guacamole server on AMQP communicates to the CCO on this port.

25672

Ingress/Egress

AMQP_PRIMARY and AMQP_SECONDARY

For communication between AMQP primary and secondary VMs.

AMQP_LB Ports

Port

Direction

Remote Source

Notes

22

Ingress (optional)

Allowed SSH source IP

For troubleshooting purposes.

443Ingress
  • 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access)

For SSH/VNC access of launched VMs. Done through reverse proxy.

Not applicable to Container Clouds.

Egress
  • AMQP_PRIMARY and AMQP_SECONDARY

5671

Ingress

  • CCO or
  • CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY
  • Application (Worker) VM IP range

For communication from the CCO VM and from launched VMs.

Not applicable to Container Clouds.

EgressAMQP_PRIMARY and AMQP_SECONDARYFor communication between AMQP primary and secondary VMs.

7788

Ingress

AMQP_PRIMARY and AMQP_SECONDARY

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

Egress
7789Ingress

Worker VM IP Range

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

Not applicable to Container Clouds.

EgressAMQP_PRIMARY and AMQP_SECONDARY

For SSH/VNC access of launched VMs. Done through reverse proxy for loop back connection.

  • No labels
© 2017-2019 Cisco Systems, Inc. All rights reserved