Network Access Requirements Table
The following table lists the required network protocol ports needed while implementing network access restrictions when deploying CloudControl. These are the default port numbers. You can also use custom port numbers.
|
Service Name |
Traffic Direction |
Protocols |
Ports |
Interfaces |
Comments |
|---|---|---|---|---|---|
|
Active Directory service |
Outbound |
TCP |
389, 3268 |
All |
Active Directory communications for LDAP and Global Catalog (GC) communication. |
|
Active Directory service |
Outbound |
TCP |
636, 3269 |
All |
Active Directory secure communications (TLS/SSL) for LDAP and Global Catalog (GC) communication. |
|
DNS |
Outbound |
TCP, UDP |
53 |
All |
Domain Name Service communication |
|
CloudControl HA clustering |
Bidirectional |
TCP, UDP |
2224, 5405 |
|
These ports are used for 2 CloudControl nodes to communicate when in an HA cluster. |
|
NTP |
Outbound |
TCP, UDP |
123 |
All |
Network Time Protocol. |
|
PingFederate authentication |
Bidirectional |
TCP |
443 |
All |
PingFederate sends all requests to existing proxy urls from CloudControl. After logout, CloudControl redirects all proxies to PingFederate login page. |
|
RADIUS, RADIUS Accounting |
Bidirectional |
TCP, UDP |
1812 |
All |
This port is needed for communication between CloudControl and the RADIUS server. |
|
vSphere and vSphere Proxy |
Bidirectional |
TCP, UDP |
1-65535 |
All |
Port 443 is used for communication with underlying VCenter and ESXi hosts being proxied. Port 9443 is used by the vSphere Web Client and is open to CloudControl by default. Other ports may be required by different vCenter Server plugins configured in vCenter. |
|
ESXi Global PIP Proxy (SSH and Web GUI Proxy) |
Inbound |
TCP |
49152-65536 |
All |
External clients connect to the Proxy over the ports ranging from 49152-65536 depending on the number of hosts in an environment. |
|
ESXi Global PIP Proxy (SSH and Web GUI Proxy) |
Outbound |
TCP |
22, 443 |
All |
Port 22 is used by proxy to connect to underlying ESXi over SSH. Port 443 is used by proxy to connect to underlying ESXi Web GUI. |
|
SMTP |
Outbound |
TCP |
25, 465, 587 |
All |
Required for sending SMTP notifications and alerts. |
|
SNMP v2c |
Inbound |
TCP, UDP |
161 |
Network 1 |
SNMP is disabled by default. |
|
SNMP v2c Trap |
Outbound |
TCP, UDP |
162 |
All |
SNMP alerts are disabled by default. |
|
SNMP v3c |
Inbound |
TCP, UDP |
161, 10161 |
All |
Used for SNMP polling from the SNMP server. SNMP alerts are disabled by default. |
|
SNMP v3c Trap |
Outbound |
TCP, UDP |
162, 10162 |
All |
Used when sending SNMP traps to the SNMP server. SNMP alerts are disabled by default. |
