Network port requirements
You might need to allow the following TCP and UDP ports through your data center's edge firewall so that you can manage the system remotely and allow clients outside of your data center to connect to resources. Some of these ports might not be required, depending on how you use the system.
All ports are TCP unless stated otherwise, and all TCP ports must support three-way handshake communication between the NetApp Support Server, management node, and nodes running Element software. For example, the host on a management node source communicates with the host on a storage cluster MVIP destination through TCP port 443, and the destination host communicates back to the source host through any port.
Enable ICMP between the management node, nodes running Element software, and cluster MVIP.
The following abbreviations are used in the table:
- MIP: Management IP address, a per-node address
- SIP: Storage IP address, a per-node address
- MVIP: Management virtual IP address
- SVIP: Storage virtual IP address
Source | Destination | Port | Description |
---|---|---|---|
iSCSI clients | Storage cluster MVIP | 443 | (Optional) UI and API access |
iSCSI clients | Storage cluster SVIP | 3260 | Client iSCSI communications |
iSCSI clients | Storage node SIP | 3260 | Client iSCSI communications |
Management node | | 22 | Reverse SSH tunnel for support access |
Management node | Storage node MIP | 22 | SSH access for support |
Management node | DNS servers | 53 TCP/UDP | DNS lookup |
Management node | Storage node MIP | 442 | UI and API access to storage node and Element software upgrades |
Management node | Storage cluster MVIP | 442 | UI and API access to storage node and Element software upgrades |
Management node | | 443 | Storage cluster reporting to Active IQ |
Management node | Storage cluster MVIP | 443 | UI and API access to storage node and Element software upgrades |
Management node | repo.netapp.com | 443 | Provides access to components necessary to install/update on-premises deployment. |
Management node | Storage node BMC/IPMI | 623 UDP | RMCP port. This is required to manage IPMI-enabled systems. |
Management node | Witness Node | 9442 | Per-node configuration API service |
Management node | vCenter Server | 9443 | vCenter Plug-in registration. The port can be closed after registration is complete. |
SNMP server | Storage cluster MVIP | 161 UDP | SNMP polling |
SNMP server | Storage node MIP | 161 UDP | SNMP polling |
Storage node BMC/IPMI | Management node | 623 UDP | RMCP port. This is required to manage IPMI-enabled systems. |
Storage node MIP | DNS servers | 53 TCP/UDP | DNS lookup |
Storage node MIP | Management node | 80 | Element software upgrades |
Storage node MIP | S3/Swift endpoint | 80 | (Optional) HTTP communication to S3/Swift endpoint for backup and recovery |
Storage node MIP | NTP server | 123 UDP | NTP |
Storage node MIP | Management node | 162 UDP | (Optional) SNMP traps |
Storage node MIP | SNMP server | 162 UDP | (Optional) SNMP traps |
Storage node MIP | LDAP server | 389 TCP/UDP | (Optional) LDAP lookup |
Storage node MIP | Management node | 443 | Element storage firmware upgrades |
Storage node MIP | Remote storage cluster MVIP | 443 | Remote replication cluster pairing communication |
Storage node MIP | Remote storage node MIP | 443 | Remote replication cluster pairing communication |
Storage node MIP | S3/Swift endpoint | 443 | (Optional) HTTPS communication to S3/Swift endpoint for backup and recovery |
Storage node MIP | Management node | 514 TCP/UDP 10514 TCP/UDP | Syslog forwarding |
Storage node MIP | Syslog server | 514 TCP/UDP 10514 TCP/UDP | Syslog forwarding |
Storage node MIP | LDAPS server | 636 TCP/UDP | LDAPS lookup |
Storage node MIP | Remote storage node MIP | 2181 | Intercluster communication for remote replication |
Storage node SIP | Remote storage node SIP | 2181 | Intercluster communication for remote replication |
Storage node SIP | Storage node SIP | 3260 | Internode iSCSI |
Storage node SIP | Remote storage node SIP | 4000 through 4020 | Remote replication node-to-node data transfer |
System administrator PC | Management node | 442 | HTTPS UI access to management node |
System administrator PC | Storage node MIP | 442 | HTTPS UI and API access to storage node |
System administrator PC | Management node | 443 | HTTPS UI and API access to management node |
System administrator PC | Storage cluster MVIP | 443 | HTTPS UI and API access to storage cluster |
System administrator PC | Storage node baseboard management controller (BMC)/Intelligent Platform Management Interface (IPMI) H410 and H600 series | 443 | HTTPS UI and API access to node remote control |
System administrator PC | Storage node MIP | 443 | HTTPS storage cluster creation, post-deployment UI access to storage cluster |
System administrator PC | Storage node BMC/IPMI H410 and H600 series | 623 UDP | Remote Management Control Protocol port. This is required to manage IPMI-enabled systems. |
System administrator PC | Witness Node | 8080 | Witness Node per-node web UI |
vCenter Server | Storage cluster MVIP | 443 | vCenter Plug-in API access |
vCenter Server | Remote plug-in | 8333 | Remote vCenter Plug-in service |
vCenter Server | Management node | 8443 | (Optional) vCenter Plug-in QoSSIOC service. |
vCenter Server | Storage cluster MVIP | 8444 | vCenter VASA provider access (VVols only) |
vCenter Server | Management node | 9443 | vCenter Plug-in registration. The port can be closed after registration is complete. |
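
The following is an added example, not part of the NetApp documentation: a Python sketch that turns rows of the table above into per-flow nftables allow rules, applying the "TCP unless stated otherwise" default and a stateful return path for the reply traffic described earlier. The nftables set names (for example `@management_node`) are hypothetical and must be defined with your own addresses; rows with no destination in the table are reported instead of being widened to "any".

```python
import re

# Rows copied from the port table above (a subset), in its pipe-separated layout.
ROWS = """\
iSCSI clients | Storage cluster SVIP | 3260 | Client iSCSI communications |
Management node | | 22 | Reverse SSH tunnel for support access |
Management node | DNS servers | 53 TCP/UDP | DNS lookup |
Management node | Storage node BMC/IPMI | 623 UDP | RMCP port. This is required to manage IPMI-enabled systems. |
Storage node MIP | Syslog server | 514 TCP/UDP 10514 TCP/UDP | Syslog forwarding |
Storage node SIP | Remote storage node SIP | 4000 through 4020 | Remote replication node-to-node data transfer |
"""

def set_name(role):
    """Hypothetical nftables set name derived from a role label in the table."""
    return re.sub(r"[^a-z0-9]+", "_", role.lower()).strip("_")

def parse_ports(cell):
    """Return (protocol, port-expression) pairs for one Port cell."""
    out = []
    for m in re.finditer(r"(\d+)(?:\s+through\s+(\d+))?(?:\s+(TCP/UDP|TCP|UDP))?", cell):
        lo, hi, proto = m.groups()
        port = f"{lo}-{hi}" if hi else lo
        # The page states that ports are TCP unless stated otherwise.
        for p in (proto or "TCP").lower().split("/"):
            out.append((p, port))
    return out

def build_rules(table):
    """Return (rules, skipped): nft rule lines and rows that lack an endpoint."""
    # Stateful return path: replies may come back "through any port".
    rules = ["ct state established,related accept"]
    skipped = []
    for line in table.strip().splitlines():
        src, dst, ports, desc = [c.strip() for c in line.split("|")][:4]
        if not src or not dst:
            skipped.append(desc)  # never widen an unknown endpoint to "any"
            continue
        for proto, port in parse_ports(ports):
            rules.append(f"ip saddr @{set_name(src)} ip daddr @{set_name(dst)} "
                         f"{proto} dport {port} accept  # {desc}")
    return rules, skipped

if __name__ == "__main__":
    rules, skipped = build_rules(ROWS)
    print("\n".join(rules))
    print("rows needing a destination before a rule can be written:", skipped)
```

Optional rows, and one-time flows such as vCenter Plug-in registration on 9443, can be left out of the input so the generated rule set stays limited to what the deployment actually uses.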