

Appliance: Default Interface Firewall Requirements
It is not necessary to firewall the default interface at all. Any traffic that isn't supposed to be there will be dropped by AppLogic anyway.
If desired, it is fine to set up firewall rules for this interface. The full list of valid communications on this interface is as follows:
- UDP on the DHCP/BOOTP ports (initial configuration and address renewal); the remote side can only be the controller, address=(base_ip).(grid_id*8+7).255.254.
- TCP with the controller: controller->VM on port ssh=22, VM->controller on port 8080.
- Outgoing TCP connection to the host server, 192.168.(grid_id).(server_id), port 11000 (note that this last address is a special route, not on the usual backbone IP range for appliances).
Consequences of blocking those:
- DHCP/BOOTP, controller:8080 or the server:11000 ports: appliance becomes unmanaged (and will report start failure if not marked as such)
- ssh: '3t comp ssh' and the "text shell" button in the GUI will not work.
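
The allow-list above, written out as a rule generator. This is an added example, not CA AppLogic code: it only prints iptables rules and applies nothing. It assumes base_ip is a single octet, the default interface is named eth0 unless given, and iptables with the conntrack match is available in the appliance; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not CA AppLogic code). Prints iptables rules; applies nothing.
# Assumptions: base_ip is one octet, the default interface is eth0, and
# iptables with the conntrack match is available in the appliance.

is_octet() {   # decimal 0-255, no leading zeros (avoids octal parsing)
    case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$1" -le 255 ]
}

controller_ip() {   # usage: controller_ip BASE_IP GRID_ID
    octet=$(( $2 * 8 + 7 ))
    [ "$octet" -le 255 ] || return 1      # grid_id above 31 does not fit
    echo "$1.$octet.255.254"
}

default_if_rules() {   # usage: default_if_rules BASE_IP GRID_ID SERVER_ID [IFACE]
    ifc=${4:-eth0}
    for v in "$1" "$2" "$3"; do
        is_octet "$v" || { echo "invalid value: $v" >&2; return 1; }
    done
    ctl=$(controller_ip "$1" "$2") || { echo "grid_id out of range" >&2; return 1; }
    host="192.168.$2.$3"
    cat <<EOF
# replies to connections that the rules below allow
iptables -A INPUT -i $ifc -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $ifc -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP/BOOTP: broadcast discovery, unicast renewal, answers only from the controller
iptables -A OUTPUT -o $ifc -p udp --sport 68 --dport 67 -d 255.255.255.255 -j ACCEPT
iptables -A OUTPUT -o $ifc -p udp --sport 68 --dport 67 -d $ctl -j ACCEPT
iptables -A INPUT -i $ifc -p udp --sport 67 --dport 68 -s $ctl -j ACCEPT
# controller -> VM ssh, VM -> controller 8080
iptables -A INPUT -i $ifc -p tcp -s $ctl --dport 22 -j ACCEPT
iptables -A OUTPUT -o $ifc -p tcp -d $ctl --dport 8080 -j ACCEPT
# VM -> host server, port 11000 (special route)
iptables -A OUTPUT -o $ifc -p tcp -d $host --dport 11000 -j ACCEPT
# everything else on this interface
iptables -A INPUT -i $ifc -j DROP
iptables -A OUTPUT -o $ifc -j DROP
EOF
}
```

With the constructed values `default_if_rules 10 3 5`, the controller address comes out as 10.31.255.254 and the host server as 192.168.3.5. Review the printed rules before applying them, since blocking any of these flows has the consequences listed above.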
Copyright © 2013 CA Technologies.
All rights reserved.
 