Using CA AppLogic › Appliance Developer Guide › Appliance Troubleshooting › Firewall Default Interface

Firewall Default Interface

The default raw interface is a specialized that the appliance uses to communicate with the grid controller. It is not necessary to firewall the default interface. Any traffic that is not specifically allowed is dropped.

If you would like to setup firewall rules, the list of communications are as follows:

• UDP on the DHCP/BOOTP ports:

  for initial configuration and address renewal, the remote side can be only the controller, address=(base_ip).(grid_id*8+7).255.254.

• TCP with the controller:

  controller->VM on port ssh=22, VM->controller on 8080.

• Outgoing TCP connection to the host server:

  192.168.(grid_id).(server_id), port 11000. The latter is a special route, not on the usual backbone IP range for appliances.

Consequences of blocking those:

• DHCP/BOOTP, controller:8080 or the server:11000 ports: appliance becomes unmanaged and will report start failure if not marked as such
• ssh: the '3t comp ssh' and the "text shell" button in the GUI will not work