Agent firewall rules in Google Cloud
The Google Cloud firewall rules for the agent require both inbound and outbound rules. The NetApp Console automatically creates this security group when you create a Console agent from the Console. For other installation options, you need to set up this security group manually.
Inbound rules
Protocol | Port | Purpose |
---|---|---|
SSH | 22 | Provides SSH access to the agent host |
HTTP | 80 | |
HTTPS | 443 | Provides HTTPS access from client web browsers to the local user interface |
TCP | 3128 | Provides Cloud Volumes ONTAP with internet access. You must manually open this port after deployment. |
Outbound rules
The agent's predefined firewall rules open all outbound traffic. Use the basic outbound rules if that is acceptable, or use the advanced outbound rules if you have stricter requirements.
Basic outbound rules
The predefined firewall rules for the agent include the following outbound rules.
Protocol | Port | Purpose |
---|---|---|
All TCP | All | All outbound traffic |
All UDP | All | All outbound traffic |
Advanced outbound rules
If you need rigid rules for outbound traffic, you can use the following information to open only those ports that are required for outbound communication by the agent.
The source IP address is the agent host.
Service | Protocol | Port | Destination | Purpose |
---|---|---|---|---|
API calls and AutoSupport | HTTPS | 443 | Outbound internet and ONTAP cluster management LIF | API calls to Google Cloud, to ONTAP, to NetApp Data Classification, and sending AutoSupport messages to NetApp |
API calls | TCP | 8080 | Data Classification | Probe to Data Classification instance during deployment |
DNS | UDP | 53 | DNS | Used for DNS resolution by Data Classification |
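
The following is an added example, not NetApp's code: it audits firewall rules, in the JSON shape returned by `gcloud compute firewall-rules list --format=json`, against the inbound and advanced outbound tables above. The rule names and sample rule sets are constructed, the rules are assumed to be already filtered to the agent host, and the egress deny check reflects Google Cloud's implied allow-egress rule rather than anything stated on this page.

```python
INBOUND = {("tcp", 22), ("tcp", 80), ("tcp", 443), ("tcp", 3128)}  # inbound table
OUTBOUND = {("tcp", 443), ("tcp", 8080), ("udp", 53)}  # advanced outbound table

def expand(entries):
    """Yield (protocol, low, high) per entry; a missing port list means every port."""
    for entry in entries:
        for spec in entry.get("ports") or ["0-65535"]:
            low, _, high = spec.partition("-")
            yield entry["IPProtocol"].lower(), int(low), int(high or low)

def audit(rules):
    """Findings for rules assumed to be pre-filtered to the agent host; priorities ignored."""
    findings, seen, egress_deny = [], {"INGRESS": set(), "EGRESS": set()}, False
    for rule in (r for r in rules if not r.get("disabled")):
        direction = rule.get("direction", "INGRESS")
        expected = INBOUND if direction == "INGRESS" else OUTBOUND
        egress_deny |= direction == "EGRESS" and {"IPProtocol": "all"} in rule.get("denied", [])
        for proto, low, high in expand(rule.get("allowed", [])):
            hit = {(p, n) for p, n in expected if proto in (p, "all") and low <= n <= high}
            seen[direction] |= hit
            if proto == "all" or high - low + 1 > len(hit):
                findings.append(f"{rule['name']}: {direction} allow {proto}:{low}-{high} "
                                "exceeds the documented ports")
    for direction, expected in (("INGRESS", INBOUND), ("EGRESS", OUTBOUND)):
        findings += [f"missing {direction} allow for {proto}:{port}"
                     for proto, port in sorted(expected - seen[direction])]
    if not egress_deny:
        # Google Cloud VPC behaviour, not from this page: implied allow-all egress applies.
        findings.append("no egress deny-all rule: implied allow-egress still applies")
    return findings

PREDEFINED = [  # constructed sample: inbound table without 3128, basic outbound rules
    {"name": "agent-in", "direction": "INGRESS",
     "allowed": [{"IPProtocol": "tcp", "ports": ["22", "80", "443"]}]},
    {"name": "agent-out", "direction": "EGRESS",
     "allowed": [{"IPProtocol": "tcp"}, {"IPProtocol": "udp"}]},
]
RESTRICTED = [  # constructed sample: full inbound table, advanced outbound rules
    {"name": "agent-in", "direction": "INGRESS",
     "allowed": [{"IPProtocol": "tcp", "ports": ["22", "80", "443", "3128"]}]},
    {"name": "agent-out", "direction": "EGRESS",
     "allowed": [{"IPProtocol": "tcp", "ports": ["443", "8080"]},
                 {"IPProtocol": "udp", "ports": ["53"]}]},
    {"name": "agent-out-deny", "direction": "EGRESS", "denied": [{"IPProtocol": "all"}]},
]

if __name__ == "__main__":
    for label, rules in (("predefined", PREDEFINED), ("restricted", RESTRICTED)):
        print(label, audit(rules) or "matches the documented tables")
```

The audit does not compare rule priorities, so confirm separately that the egress deny rule has a lower priority (higher number) than the allow rules for ports 443, 8080 and 53.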