Network port requirements
You might need to allow the following TCP ports through your datacenter’s edge firewall so that you can manage the system remotely and allow clients outside of your datacenter to connect to resources. Some of these ports might not be required, depending on how you use the system.
All ports are TCP unless stated otherwise, and should permit bi-directional communications between the NetApp Support Server, management node, and nodes running Element software.
NetApp is in the process of rebuilding the online repository that hosts software and firmware bundle downloads that support the NetApp Hybrid Cloud Control automated upgrade workflow.
The NetApp Hybrid Cloud Control web UI and API download software packages from the NetApp online software repository, which uses JFrog Artifactory Cloud as a distribution hub and CDN technologies for file hosting. Because of this, some URLs or IP addresses might resolve to other URLs or IP addresses based on the content delivery network. If possible, you should work with a network engineer to add these URLs or IP addresses to the firewall rules, using the following general steps: Steps
Enable ICMP between the management node, nodes running Element software, and cluster MVIP.
The following abbreviations are used in the table:
- MIP: Management IP address, a per-node address
- SIP: Storage IP address, a per-node address
- MVIP: Management virtual IP address
- SVIP: Storage virtual IP address
Source | Destination | Port | Description |
---|---|---|---|
iSCSI clients | Storage cluster MVIP | 443 | (Optional) UI and API access |
iSCSI clients | Storage cluster SVIP | 3260 | Client iSCSI communications |
iSCSI clients | Storage node SIP | 3260 | Client iSCSI communications |
Management node | sfsupport.solidfire.com | 22 | Reverse SSH tunnel for support access |
Management node | Storage node MIP | 22 | SSH access for support |
Management node | DNS servers | 53 TCP/UDP | DNS lookup |
Management node | Storage node MIP | 442 | UI and API access to storage node and Element software upgrades |
Management node | Storage cluster MVIP | 442 | UI and API access to storage node and Element software upgrades |
Management node | Online software repository: | 443 | Management node service upgrades |
Management node | monitoring.solidfire.com | 443 | Storage cluster reporting to Active IQ |
Management node | Storage cluster MVIP | 443 | UI and API access to storage node and Element software upgrades |
Management node | repo.netapp.com | 443 | Provides access to components necessary to install/update on-premises deployment. |
Management node | Witness Node | 9442 | Per-node configuration API service |
Management node | vCenter Server | 9443 | vCenter Plug-in registration. The port can be closed after registration is complete. |
SNMP server | Storage cluster MVIP | 161 UDP | SNMP polling |
SNMP server | Storage node MIP | 161 UDP | SNMP polling |
Storage node MIP | DNS servers | 53 TCP/UDP | DNS lookup |
Storage node MIP | Management node | 80 | Element software upgrades |
Storage node MIP | S3/Swift endpoint | 80 | (Optional) HTTP communication to S3/Swift endpoint for backup and recovery |
Storage node MIP | NTP server | 123 UDP | NTP |
Storage node MIP | Management node | 162 UDP | (Optional) SNMP traps |
Storage node MIP | SNMP server | 162 UDP | (Optional) SNMP traps |
Storage node MIP | LDAP server | 389 TCP/UDP | (Optional) LDAP lookup |
Storage node MIP | Management node | 443 | Element storage firmware upgrades |
Storage node MIP | Remote storage cluster MVIP | 443 | Remote replication cluster pairing communication |
Storage node MIP | Remote storage node MIP | 443 | Remote replication cluster pairing communication |
Storage node MIP | S3/Swift endpoint | 443 | (Optional) HTTPS communication to S3/Swift endpoint for backup and recovery |
Storage node MIP | Management node | 514 TCP/UDP 10514 TCP/UDP | Syslog forwarding |
Storage node MIP | Syslog server | 514 TCP/UDP 10514 TCP/UDP | Syslog forwarding |
Storage node MIP | LDAPS server | 636 TCP/UDP | LDAPS lookup |
Storage node MIP | Remote storage node MIP | 2181 | Intercluster communication for remote replication |
Storage node SIP | Remote storage node SIP | 2181 | Intercluster communication for remote replication |
Storage node SIP | Storage node SIP | 3260 | Internode iSCSI |
Storage node SIP | Remote storage node SIP | 4000 through 4020 | Remote replication node-to-node data transfer |
System administrator PC | Management node | 442 | HTTPS UI access to management node |
System administrator PC | Storage node MIP | 442 | HTTPS UI and API access to storage node |
System administrator PC | Management node | 443 | HTTPS UI and API access to management node |
System administrator PC | Storage cluster MVIP | 443 | HTTPS UI and API access to storage cluster |
System administrator PC | Storage node MIP | 443 | HTTPS storage cluster creation, post-deployment UI access to storage cluster |
System administrator PC | Witness Node | 8080 | Witness Node per-node web UI |
vCenter Server | Storage cluster MVIP | 443 | vCenter Plug-in API access |
vCenter Server | Management node | 8443 | (Optional) vCenter Plug-in QoSSIOC service. |
vCenter Server | Storage cluster MVIP | 8444 | vCenter VASA provider access (VVols only) |
vCenter Server | Management node | 9443 | vCenter Plug-in registration. The port can be closed after registration is complete. |
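
A port matrix like this one can serve as an allowlist when reviewing firewall or flow logs. The following Python is an added example, not NetApp code: it parses the Port column notation used in the table (a bare number is TCP, plus `UDP`, `TCP/UDP` and `through` ranges) for a few rows copied from the table and returns the flows that no row permits. The flow records and their role labels are constructed assumptions; mapping real addresses to the table's role names is left to your own inventory.

```python
import re

# A few rows copied from the table: (source, destination, Port cell).
ROWS = [
    ("iSCSI clients", "Storage cluster SVIP", "3260"),
    ("Management node", "DNS servers", "53 TCP/UDP"),
    ("SNMP server", "Storage node MIP", "161 UDP"),
    ("Storage node MIP", "Syslog server", "514 TCP/UDP 10514 TCP/UDP"),
    ("Storage node SIP", "Remote storage node SIP", "4000 through 4020"),
]

PORT_RE = re.compile(r"(\d+)(?:\s+through\s+(\d+))?(?:\s+(TCP/UDP|TCP|UDP))?")

def parse_port_cell(cell):
    """Expand a Port cell into (protocol, low, high) tuples; bare numbers are TCP."""
    rules = set()
    for low, high, proto in PORT_RE.findall(cell):
        for p in (proto or "TCP").lower().split("/"):
            rules.add((p, int(low), int(high or low)))
    if not rules:
        raise ValueError(f"unparseable port cell: {cell!r}")
    return rules

def build_allowlist(rows):
    """Merge all rows into {(source, destination): set of port rules}."""
    allow = {}
    for src, dst, cell in rows:
        allow.setdefault((src, dst), set()).update(parse_port_cell(cell))
    return allow

def audit(flows, allow):
    """Return the flows that no row of the matrix permits."""
    return [(s, d, proto, port) for s, d, proto, port in flows
            if not any(p == proto and lo <= port <= hi
                       for p, lo, hi in allow.get((s, d), ()))]

# Constructed sample flows, already labelled with the table's role names.
FLOWS = [
    ("Management node", "DNS servers", "udp", 53),
    ("Storage node SIP", "Remote storage node SIP", "tcp", 4010),
    ("Storage node SIP", "Remote storage node SIP", "tcp", 4021),
    ("SNMP server", "Storage node MIP", "tcp", 161),
]

if __name__ == "__main__":
    for flow in audit(FLOWS, build_allowlist(ROWS)):
        print("not in port matrix:", flow)
```

A flow flagged here is either traffic the matrix does not call for or a row missing from `ROWS`, so extend `ROWS` to the full table before treating the output as findings.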