Skip to main content
Setup and administration

Connector firewall rules in Google Cloud

Contributors netapp-bcammett

The Google Cloud firewall rules for the Connector requires both inbound and outbound rules. BlueXP automatically creates this security group when you create a Connector from BlueXP. You need to set up this security group for all other installation options.

Inbound rules

Protocol Port Purpose

SSH

22

Provides SSH access to the Connector host

HTTP

80

Provides HTTP access from client web browsers to the local user interface

HTTPS

443

Provides HTTPS access from client web browsers to the local user interface

TCP

3128

Provides Cloud Volumes ONTAP with internet access to send AutoSupport messages to NetApp Support. You must manually open this port after deployment. Learn how the Connector is used as a proxy for AutoSupport messages

Outbound rules

The predefined firewall rules for the Connector opens all outbound traffic. If that is acceptable, follow the basic outbound rules. If you need more rigid rules, use the advanced outbound rules.

Basic outbound rules

The predefined firewall rules for the Connector includes the following outbound rules.

Protocol Port Purpose

All TCP

All

All outbound traffic

All UDP

All

All outbound traffic

Advanced outbound rules

If you need rigid rules for outbound traffic, you can use the following information to open only those ports that are required for outbound communication by the Connector.

Note The source IP address is the Connector host.
Service Protocol Port Destination Purpose

API calls and AutoSupport

HTTPS

443

Outbound internet and ONTAP cluster management LIF

API calls to Google Cloud, to ONTAP, to BlueXP classification, and sending AutoSupport messages to NetApp

API calls

TCP

8080

BlueXP classification

Probe to BlueXP classification instance during deployment

DNS

UDP

53

DNS

Used for DNS resolve by BlueXP