Security group rules

Cloud Manager creates security groups that include the inbound and outbound rules that Cloud Manager and ONTAP Cloud need to operate successfully in the cloud. You might want to refer to the ports for testing purposes or if you prefer to use your own security groups.

Security group rules for Cloud Manager

Inbound rules

Note: The source for inbound rules is 0.0.0.0/0.
Type     Port range    Used for
SSH      22            SSH connections to Cloud Manager
HTTP     80            Accessing the Cloud Manager console
HTTPS    443           Accessing the Cloud Manager console

Outbound rules

Type       Port range    Used for
All TCP    All           All outbound traffic
All UDP    All           All outbound traffic

Security group rules for ONTAP Cloud

Inbound rules

Note: The source for inbound rules is 0.0.0.0/0.
Type               Port range     Used for
All ICMP           All            Pinging the instance
Custom TCP Rule    111            Portmapper
Custom TCP Rule    139            NetBIOS
Custom TCP Rule    161-162        SNMP
Custom TCP Rule    445            Microsoft SMB
Custom TCP Rule    635            NFS mount
Custom TCP Rule    749            Kerberos
Custom TCP Rule    2049           NFS
Custom TCP Rule    3260           iSCSI
Custom TCP Rule    4045-4046      NFS mountd
Custom TCP Rule    10000          NDMP
Custom TCP Rule    11104-11105    Intercluster management and data
Custom UDP Rule    111            Portmapper
Custom UDP Rule    161-162        SNMP
Custom UDP Rule    635            NFS mount
Custom UDP Rule    2049           NFS
Custom UDP Rule    4045-4046      NFS mountd
HTTP               80             System Manager access
HTTPS              443            System Manager access
SSH                22             SSH to the CLI

Outbound rules

Type        Port range    Used for
All ICMP    All           All outbound traffic (SnapMirror and SnapVault)
All TCP     All           All outbound traffic
All UDP     All           All outbound traffic
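
For readers who use their own security group for ONTAP Cloud, the following added example (not part of the original documentation) compares a group's inbound rules with the ONTAP Cloud inbound table above. It assumes rules in the IpPermissions shape returned by the AWS EC2 DescribeSecurityGroups API; the names REQUIRED, expand, audit and SAMPLE are hypothetical, and the SAMPLE group is constructed.

```python
# Required ONTAP Cloud inbound ports, transcribed from the table on this page.
REQUIRED = {
    "tcp": [22, 80, 111, 139, (161, 162), 443, 445, 635, 749, 2049, 3260,
            (4045, 4046), 10000, (11104, 11105)],
    "udp": [111, (161, 162), 635, 2049, (4045, 4046)],
}
WORLD = "0.0.0.0/0"

def expand(spec):
    """Turn a list of ports and (low, high) ranges into a set of port numbers."""
    out = set()
    for item in spec:
        lo, hi = item if isinstance(item, tuple) else (item, item)
        out.update(range(lo, hi + 1))
    return out

def audit(ip_permissions):
    """Compare inbound rules with REQUIRED; return sorted (protocol, port) findings."""
    allowed = {"tcp": set(), "udp": set()}   # ports permitted from any source
    world = {"tcp": set(), "udp": set()}     # ports permitted from 0.0.0.0/0
    for perm in ip_permissions:
        all_traffic = perm["IpProtocol"] == "-1"   # "-1" = every protocol and port
        span = (0, 65535) if all_traffic else (perm.get("FromPort"), perm.get("ToPort"))
        is_world = any(r.get("CidrIp") == WORLD for r in perm.get("IpRanges", []))
        for proto in (("tcp", "udp") if all_traffic else (perm["IpProtocol"],)):
            if proto in allowed:                   # ICMP has no ports to compare
                ports = expand([span])
                allowed[proto] |= ports
                if is_world:
                    world[proto] |= ports
    need = {p: expand(s) for p, s in REQUIRED.items()}
    flat = lambda d: sorted((p, n) for p in d for n in d[p])
    return {
        "missing": flat({p: need[p] - allowed[p] for p in need}),
        "unlisted_world_open": flat({p: world[p] - need[p] for p in need}),
        "required_world_open": flat({p: world[p] & need[p] for p in need}),
    }

# Constructed sample of a custom security group (not taken from a real account).
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": WORLD}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": WORLD}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 2049, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 4045, "ToPort": 4046, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 10000, "ToPort": 11105, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "udp", "FromPort": 111, "ToPort": 4046, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": WORLD}]},
]
print(audit(SAMPLE))
```

For the constructed sample, the audit reports iSCSI (TCP 3260) as missing, TCP 3389 as open to 0.0.0.0/0 although the table does not list it, and SSH (TCP 22) as a required port that is open to 0.0.0.0/0.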

External security group rules for the HA mediator

Note: Cloud Manager always creates this security group. You do not have the option to use your own security group.

Inbound rules

Note: The source for inbound rules is 0.0.0.0/0.
Type    Port range    Used for
SSH     22            SSH connections to the HA mediator
TCP     3000          RESTful API access from Cloud Manager

Outbound rules

Type       Port range    Used for
All TCP    All           All outbound traffic
All UDP    All           All outbound traffic

Internal security group rules for the HA mediator

Note: Cloud Manager always creates this security group. You do not have the option to use your own security group.

Inbound rules

Type           Port range    Used for
All traffic    All           Communication between the HA mediator and ONTAP Cloud HA nodes only

Outbound rules

Type           Port range    Used for
All traffic    All           Communication between the HA mediator and ONTAP Cloud HA nodes only