When you want to control access through firewalls, you open or close specific ports at the external firewall. There are special considerations for controlling access through firewalls to a StorageGRID system that is deployed as a container on bare metal hosts.
You can control access to the user interfaces and APIs on StorageGRID Admin Nodes by opening or closing specific ports at the external firewall. For example, you might want to prevent tenants from being able to connect to the Grid Manager at the firewall, in addition to using other methods to control system access.
| Port | Description | If port is open... |
|---|---|---|
| 443 | Default HTTPS port for Admin Nodes | Web browsers and management API clients can access the Grid Manager, the Grid Management API, the Tenant Manager, and the Tenant Management API. Note: Port 443 is also used for some internal traffic.
|
| 8443 | Restricted Grid Manager port on Admin Nodes |
|
| 9443 | Restricted Tenant Manager port on Admin Nodes |
|
When StorageGRID is deployed as a container on bare metal hosts, it does not provide a firewall for connections to the container IPs. The characteristics of networking for a container do not allow for firewalls configured on the host OS to provide effective firewall protection for connections to the StorageGRID container. If you require a firewall for connections to the StorageGRID container, you must implement the firewall externally to the host on which the container is running. You should configure a firewall for all connections that are not on a trusted internal network.