Network Access Requirements Table

The following table lists the network ports that CloudControl requires. Use it when implementing network access restrictions for a CloudControl deployment. These are the default port numbers. You can also use custom port numbers.

| Service Name | Traffic Direction | Protocols | Ports | Interfaces | Comments |
|---|---|---|---|---|---|
| Active Directory service | Outbound | TCP | 389, 3268 | All | Active Directory communications for LDAP and Global Catalog (GC) communication. |
| Active Directory service | Outbound | TCP | 636, 3269 | All | Active Directory secure communications (TLS/SSL) for LDAP and Global Catalog (GC) communication. |
| DNS | Outbound | TCP, UDP | 53 | All | Domain Name Service communication. |
| CloudControl HA clustering | Bidirectional | TCP, UDP | 2224, 5405 | | These ports are used for 2 CloudControl nodes to communicate when in an HA cluster. |
| NTP | Outbound | TCP, UDP | 123 | All | Network Time Protocol. |
| PingFederate authentication | Bidirectional | TCP | 443 | All | PingFederate sends all requests to existing proxy URLs from CloudControl. After logout, CloudControl redirects all proxies to the PingFederate login page. |
| RADIUS, RADIUS Accounting | Bidirectional | TCP, UDP | 1812 | All | This port is needed for communication between CloudControl and the RADIUS server. |
| vSphere and vSphere Proxy | Bidirectional | TCP, UDP | 1-65535 | All | Port 443 is used for communication with underlying vCenter and ESXi hosts being proxied. Port 9443 is used by the vSphere Web Client and is open to CloudControl by default. Other ports may be required by different vCenter Server plugins configured in vCenter. |
| ESXi Global PIP Proxy (SSH and Web GUI Proxy) | Inbound | TCP | 49152-65536 | All | External clients connect to the Proxy over the ports ranging from 49152-65536 depending on the number of hosts in an environment. |
| ESXi Global PIP Proxy (SSH and Web GUI Proxy) | Outbound | TCP | 22, 443 | All | Port 22 is used by the proxy to connect to underlying ESXi over SSH. Port 443 is used by the proxy to connect to the underlying ESXi Web GUI. |
| SMTP | Outbound | TCP | 25, 465, 587 | All | Required for sending SMTP notifications and alerts. |
| SNMP v2c | Inbound | TCP, UDP | 161 | Network 1 | SNMP is disabled by default. |
| SNMP v2c Trap | Outbound | TCP, UDP | 162 | All | SNMP alerts are disabled by default. |
| SNMP v3c | Inbound | TCP, UDP | 161, 10161 | All | Used for SNMP polling from the SNMP server. SNMP alerts are disabled by default. |
| SNMP v3c Trap | Outbound | TCP, UDP | 162, 10162 | All | Used when sending SNMP traps to the SNMP server. SNMP alerts are disabled by default. |
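
The following is an added example, not part of the CloudControl documentation: a Python audit that checks a firewall allowlist against rows of the table and reports every required port that no rule covers. The allowlist is constructed sample data, the function names are hypothetical, and treating "Bidirectional" as both inbound and outbound is an assumption.

```python
# Added example: find required CloudControl flows that a firewall allowlist misses.
REQUIRED = [  # (service, direction, protocols, ports) copied from table rows
    ("Active Directory service", "outbound", "TCP", "636, 3269"),
    ("DNS", "outbound", "TCP, UDP", "53"),
    ("CloudControl HA clustering", "bidirectional", "TCP, UDP", "2224, 5405"),
    ("ESXi Global PIP Proxy", "outbound", "TCP", "22, 443"),
    ("SMTP", "outbound", "TCP", "25, 465, 587"),
]
ALLOWLIST = [  # constructed ruleset: (direction, protocol, ports)
    ("outbound", "TCP", "22, 53, 443, 465, 587, 636"),
    ("outbound", "UDP", "53"),
    ("outbound", "TCP", "2000-6000"),
    ("inbound", "TCP", "2224"),
]

def parse_ports(spec):
    """Turn '22, 443' or '2000-6000' into a sorted list of (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return sorted(ranges)

def uncovered(required, allowed):
    """Return the sub-ranges of `required` that no range in `allowed` covers."""
    gaps = []
    for low, high in required:
        cursor = low  # lowest required port not yet known to be covered
        for a_low, a_high in sorted(allowed):
            if a_high < cursor or a_low > high:
                continue  # rule does not overlap the remaining span
            if a_low > cursor:
                gaps.append((cursor, a_low - 1))
            cursor = a_high + 1
        if cursor <= high:
            gaps.append((cursor, high))
    return gaps

def audit(required=REQUIRED, allowlist=ALLOWLIST):
    """List (service, direction, protocol, (low, high)) for every uncovered flow."""
    findings = []
    for service, direction, protocols, ports in required:
        # Assumption: a bidirectional row needs a rule in each direction.
        dirs = ("inbound", "outbound") if direction == "bidirectional" else (direction,)
        for d in dirs:
            for proto in (p.strip() for p in protocols.split(",")):
                allowed = [r for rd, rp, spec in allowlist if (rd, rp) == (d, proto)
                           for r in parse_ports(spec)]
                findings += [(service, d, proto, gap)
                             for gap in uncovered(parse_ports(ports), allowed)]
    return findings
```

Run against the sample allowlist, `audit()` reports the missing SMTP port 25 rule and the HA clustering flows that are only partly opened, while the broad `2000-6000` rule silently satisfies several rows and is worth narrowing to the listed ports.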