IBM DataPower Operations Dashboard v1.0.16.0


Firewall Requirements for DPOD Cell Environment

This diagram visualizes the connections between the DPOD cell environment (cell manager and members) and the other components on the network, and is followed by a table elaborating the firewall rules that need to be defined for DPOD to be able to communicate with the rest of the components.

In the diagram above:

  • The IP addresses 192.168.25.XXX and 172.17.42.XXX are only used as examples and may be replaced with any other valid IP address.

  • SSH root access is needed in the internal network for the cell installation and for admin operations from time to time.

| From | To | Ports (Defaults) | Protocol | Usage |
|---|---|---|---|---|
| DPOD Cell Manager (external IP address) | Each Monitored Device | 5550 (TCP) | HTTPS | Monitored device administration management interface. If the SOMA port is different than 5550, the port should be changed accordingly. |
| DPOD Cell Manager (external IP address) | DNS Server | 53 (TCP and UDP) | DNS | DNS services. Static IP address may be used. |
| DPOD Cell Manager (external IP address) | NTP Server | 123 (UDP) | NTP | Time synchronization |
| DPOD Cell Manager (external IP address) | Organizational mail server | 25 / 465 / 587 (TCP) | SMTP/S | Send reports/alerts/shares/etc. by email |
| DPOD Cell Manager (external IP address) | LDAP | 389 / 636 (TCP), 3268 / 3269 (TCP) | LDAP/S | Authentication & authorization. Can be over SSL. |
| DPOD Cell Manager (internal IP address) | Each DPOD Federated Cell Member (internal IP address) | 443 (TCP) | HTTPS | Communication (data + management) |
| DPOD Cell Manager (internal IP address) | Each DPOD Federated Cell Member (internal IP address) | 22 (TCP) | SSH | SSH root access is needed for the cell installation and for admin operations from time to time. |
| DPOD Cell Manager (internal IP address) | Each DPOD Federated Cell Member (internal IP address) | 9300-9305 (TCP) | OpenSearch | OpenSearch Communication (data + management) |
| DPOD Cell Manager (external IP address) | Each DPOD Federated Cell Member (external IP address) | 60000-60003 (TCP) | Syslog | Syslog keep-alive data |
| DPOD Cell Manager (external IP address) | Each DPOD Federated Cell Member (external IP address) | 60020-60023 (TCP) | HTTP | WS-M keep-alive data |
| NTP Server | DPOD Cell Manager (external IP address) | 123 (UDP) | NTP | Time synchronization |
| Users IPs | DPOD Cell Manager (external IP address) | 443 (TCP) | HTTPS | DPOD's Web Console |
| Admins IPs | DPOD Cell Manager (external IP address) | 22 (TCP) | SSH | SSH |
| Each DPOD Federated Cell Member (internal IP address) | DPOD Cell Manager (internal IP address) | 443 (TCP) | HTTPS | Communication (data + management) |
| Each DPOD Federated Cell Member (internal IP address) | DPOD Cell Manager (internal IP address) | 9200, 9300-9400 | OpenSearch | OpenSearch Communication (data + management) |
| Each DPOD Federated Cell Member (external IP address) | DNS Server | 53 (TCP and UDP) | DNS | DNS services |
| Each DPOD Federated Cell Member (external IP address) | NTP Server | 123 (UDP) | NTP | Time synchronization |
| Each Monitored Device | Each DPOD Federated Cell Member (external IP address) | 60000-60003 (TCP) | Syslog | Syslog data |
| Each Monitored Device | Each DPOD Federated Cell Member (external IP address) | 60020-60023 (TCP) | HTTP | WS-M payloads (optional) |
| API-Connect Analytics Ingestion Pods | Each DPOD Federated Cell Member (external IP address) | 60020-60023 (TCP) | HTTP/S | API-Connect Analytics Offload (optional) |
| NTP Server | Each DPOD Federated Cell Member (external IP address) | 123 (UDP) | NTP | Time synchronization |
| Admins IPs | Each DPOD Federated Cell Member (external IP address) | 22 (TCP) | SSH | SSH |
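The rules in the table can be used as an allow-list when reviewing what a firewall actually permits. The following is an added example, not part of the DPOD documentation or product: it audits a rule export against the table rows whose destination is a federated cell member. The zone labels (manager-int, member-ext, admins and so on), the rule-tuple format, the "any" source wildcard and the sample rules are assumptions made for the illustration.

```python
# Added example. Zone labels, tuple format and "any" wildcard are assumptions.
def parse_ports(spec):
    """'9200, 9300-9400' or '389 / 636' -> [(low, high), ...]."""
    parts = [p.strip().partition("-") for p in spec.replace("/", ",").split(",")]
    return [(int(lo), int(hi or lo)) for lo, _, hi in parts]

# Table rows with a cell member as destination: (src, dst, proto, ports, optional)
MATRIX = [
    ("manager-int", "member-int", "tcp", "443", False),
    ("manager-int", "member-int", "tcp", "22", False),
    ("manager-int", "member-int", "tcp", "9300-9305", False),
    ("manager-ext", "member-ext", "tcp", "60000-60003", False),
    ("manager-ext", "member-ext", "tcp", "60020-60023", False),
    ("monitored-device", "member-ext", "tcp", "60000-60003", False),
    ("monitored-device", "member-ext", "tcp", "60020-60023", True),
    ("apic-analytics", "member-ext", "tcp", "60020-60023", True),
    ("ntp-server", "member-ext", "udp", "123", False),
    ("admins", "member-ext", "tcp", "22", False),
]

def expand(flows):
    return [(s, d, p, lo, hi) for s, d, p, spec, *_ in flows
            for lo, hi in parse_ports(spec)]

def contains(outer, inner):
    """True if flow `outer` permits everything flow `inner` permits."""
    return (outer[0] in ("any", inner[0]) and outer[1:3] == inner[1:3]
            and outer[3] <= inner[3] and inner[4] <= outer[4])

def audit(rules):
    """Return (required flows not permitted, permitted flows beyond the table)."""
    allowed, permitted = expand(rules), expand(MATRIX)
    required = expand(m for m in MATRIX if not m[4])
    missing = [r for r in required if not any(contains(a, r) for a in allowed)]
    excess = [a for a in allowed if not any(contains(p, a) for p in permitted)]
    return missing, excess

SAMPLE_RULES = [  # constructed firewall export, not real data
    ("manager-int", "member-int", "tcp", "443"),
    ("manager-int", "member-int", "tcp", "22"),
    ("manager-int", "member-int", "tcp", "9300-9400"),  # wider than the table
    ("manager-ext", "member-ext", "tcp", "60000-60003"),
    ("monitored-device", "member-ext", "tcp", "60000-60003"),
    ("ntp-server", "member-ext", "udp", "123"),
    ("any", "member-ext", "tcp", "22"),  # SSH not limited to admin IPs
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

On the sample export the audit reports the absent WS-M keep-alive flow as missing, and flags both the over-wide OpenSearch range and SSH open to any source as going beyond the table.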
