Network port requirements

You might need to allow the following TCP ports through your datacenter's edge firewall so that you can manage the system remotely and allow clients outside of your datacenter to connect to resources. Some of these ports might not be required, depending on how you use the system.

All ports are TCP unless stated otherwise, and should permit bi-directional communications between the NetApp Support Server, management node, and the storage nodes.
Tip: Enable ICMP between the management node, storage nodes, and cluster MVIP.
Note: For vSphere network port requirements, see VMware documentation.

The following abbreviations are used in the table:

Source Destination Port Description
iSCSI clients Storage cluster MVIP 443 (Optional) UI and API access
iSCSI clients Storage cluster SVIP 3260 Client iSCSI communications
iSCSI clients Storage node SIP 3260 Client iSCSI communications
Management node sfsupport.solidfire.com 22 Reverse SSH tunnel for support access
Management node Storage node MIP 22 SSH access for support
Management node DNS servers 53 TCP/UDP DNS lookup
Management node Storage node MIP 442 UI and API access to storage node and Element software upgrades
Management node Online software repository:
  • https://repo.netapp.com/bintray/api/package
  • https://netapp-downloads.bintray.com
443 Management node service upgrades
Management node monitoring.solidfire.com 443 Storage cluster reporting to Active IQ
Management node Storage cluster MVIP 443 UI and API access to storage node and Element software upgrades
SNMP server Storage cluster MVIP 161 UDP SNMP polling
SNMP server Storage node MIP 161 UDP SNMP polling
Storage node MIP DNS servers 53 TCP/UDP DNS lookup
Storage node MIP Management node 80 Element software upgrades
Storage node MIP S3/Swift endpoint 80 (Optional) HTTP communication to S3/Swift endpoint for backup and recovery
Storage node MIP NTP server 123 UDP NTP
Storage node MIP Management node 162 UDP (Optional) SNMP traps
Storage node MIP SNMP server 162 UDP (Optional) SNMP traps
Storage node MIP LDAP server 389 TCP/UDP (Optional) LDAP lookup
Storage node MIP Remote storage cluster MVIP 443 Remote replication cluster pairing communication
Storage node MIP Remote storage node MIP 443 Remote replication cluster pairing communication
Storage node MIP S3/Swift endpoint 443 (Optional) HTTPS communication to S3/Swift endpoint for backup and recovery
Storage node MIP Management node

10514 TCP/UDP

514 TCP/UDP

Syslog forwarding
Storage node MIP Syslog server

10514 TCP/UDP

514 TCP/UDP

Syslog forwarding
Storage node MIP LDAPS server 636 TCP/UDP LDAPS lookup
Storage node MIP Remote storage node MIP 2181 Intercluster communication for remote replication
Storage node SIP S3/Swift endpoint 80 (Optional) HTTP communication to S3/Swift endpoint for backup and recovery
Storage node SIP S3/Swift endpoint 443 (Optional) HTTPS communication to S3/Swift endpoint for backup and recovery
Storage node SIP Remote storage node SIP 2181 Intercluster communication for remote replication
Storage node SIP Storage node SIP 3260 Internode iSCSI
Storage node SIP Remote storage node SIP 4000 through 4020 Remote replication node-to-node data transfer
Storage node SIP Compute node SIP 442 Compute node API, configuration and validation, and access to software inventory
System administrator PC Storage node MIP 80 (NetApp HCI only) Landing page of NetApp Deployment Engine
System administrator PC Management node 442 HTTPS UI access to management node
System administrator PC Storage node MIP 442 HTTPS UI and API access to storage node
(NetApp HCI only) Configuration and deployment monitoring in NetApp Deployment Engine
System administrator PC Management node 443 HTTPS UI and API access to management node
System administrator PC Storage cluster MVIP 443 HTTPS UI and API access to storage cluster
System administrator PC Storage node MIP 443 HTTPS storage cluster creation, post-deployment UI access to storage cluster
vCenter Server Storage cluster MVIP 443 vCenter Plug-in API access
vCenter Server Management node 8443 (Optional) vCenter Plug-in QoSSIOC service.
vCenter Server Storage cluster MVIP 8444 vCenter VASA provider access (VVols only)
vCenter Server Management node 9443 vCenter Plug-in registration. The port can be closed after registration is complete.