Network port requirements
You might need to allow the following ports through your data center's edge firewall so that you can manage the system remotely, allow clients outside of your data center to connect to resources, and ensure that internal services can function properly. Some of these ports, URLs, or IP addresses might not be required, depending on how you use the system.
All ports are TCP unless stated otherwise, and all TCP ports must support three-way handshake communication between the NetApp Support Server, management node, and nodes running Element software. For example, the host on a management node source communicates with the host on a storage cluster MVIP destination through TCP port 443, and the destination host communicates back to the source host through any port.
The following abbreviations are used in the table:
-
MIP: Management IP address, a per-node address
-
SIP: Storage IP address, a per-node address
-
MVIP: Management virtual IP address
-
SVIP: Storage virtual IP address
Source | Destination | Port | Description |
---|---|---|---|
Compute node BMC/IPMI |
Management node |
111 TCP/UDP |
NetApp Hybrid Cloud Control API communication |
Compute node BMC/IPMI |
Management node |
137-138 UDP |
NetApp Hybrid Cloud Control API communication |
Compute node BMC/IPMI |
Management node |
445 |
NetApp Hybrid Cloud Control API communication |
Compute node BMC/IPMI |
Management node |
623 UDP |
Remote Management Control Protocol (RMCP) port. Required for NetApp Hybrid Cloud Control compute firmware upgrades. |
Compute node BMC/IPMI |
Management node |
2049 TCP/UDP |
NetApp Hybrid Cloud Control API communication |
iSCSI clients |
Storage cluster MVIP |
443 |
(Optional) UI and API access |
iSCSI clients |
Storage cluster SVIP |
3260 |
Client iSCSI communications |
iSCSI clients |
Storage node SIP |
3260 |
Client iSCSI communications |
Management node |
|
22 |
Reverse SSH tunnel for support access |
Management node |
Storage node MIP |
22 |
SSH access for support |
Management node |
DNS servers |
53 TCP/UDP |
DNS lookup |
Management node |
Compute node BMC/IPMI |
139 |
NetApp Hybrid Cloud Control API communication |
Management node |
Storage node MIP |
442 |
UI and API access to storage node and Element software upgrades |
Management node |
Storage node MVIP |
442 |
UI and API access to storage node and Element software upgrades |
Management node |
|
443 |
Element software upgrades |
Management node |
Baseboard management controller (BMC) |
443 |
Hardware monitoring and inventory connection (Redfish and IPMI commands) |
Management node |
Compute node BMC/IPMI |
443 |
NetApp Hybrid Cloud Control HTTPS communication |
Management node |
|
443 |
Storage cluster reporting to Active IQ |
Management node |
Storage cluster MVIP |
443 |
UI and API access to storage node and Element software upgrades |
Management node |
VMware vCenter |
443 |
NetApp Hybrid Cloud Control HTTPS communication |
Management node |
Compute node BMC/IPMI |
623 UDP |
Remote Management Control Protocol (RMCP) port. Required for NetApp Hybrid Cloud Control compute firmware upgrades. |
Management node |
Storage node BMC/IPMI |
623 UDP |
RMCP port. This is required to manage IPMI-enabled systems. |
Management node |
VMware vCenter |
5988-5989 |
NetApp Hybrid Cloud Control HTTPS communication |
Management node |
Witness Node |
9442 |
Per-node configuration API service |
Management node |
vCenter Server |
9443 |
vCenter Plug-in registration. The port can be closed after registration is complete. |
SNMP server |
Storage cluster MVIP |
161 UDP |
SNMP polling |
SNMP server |
Storage node MIP |
161 UDP |
SNMP polling |
Storage node BMC/IPMI |
Management node |
623 UDP |
RMCP port. This is required to manage IPMI-enabled systems. |
Storage node MIP |
DNS servers |
53 TCP/UDP |
DNS lookup |
Storage node MIP |
Management node |
80 |
Element software upgrades |
Storage node MIP |
S3/Swift endpoint |
80 |
(Optional) HTTP communication to S3/Swift endpoint for backup and recovery |
Storage node MIP |
NTP server |
123 UDP |
NTP |
Storage node MIP |
Management node |
162 UDP |
(Optional) SNMP traps |
Storage node MIP |
SNMP server |
162 UDP |
(Optional) SNMP traps |
Storage node MIP |
LDAP server |
389 TCP/UDP |
(Optional) LDAP lookup |
Storage node MIP |
Management node |
443 |
Element software upgrades |
Storage node MIP |
Remote storage cluster MVIP |
443 |
Remote replication cluster pairing communication |
Storage node MIP |
Remote storage node MIP |
443 |
Remote replication cluster pairing communication |
Storage node MIP |
S3/Swift endpoint |
443 |
(Optional) HTTPS communication to S3/Swift endpoint for backup and recovery |
Storage node MIP |
LDAPS server |
636 TCP/UDP |
LDAPS lookup |
Storage node MIP |
Management node |
10514 TCP/UDP, 514 TCP/UDP |
Syslog forwarding |
Storage node MIP |
Syslog server |
10514 TCP/UDP, 514 TCP/UDP |
Syslog forwarding |
Storage node MIP |
Remote storage node MIP |
2181 |
Intercluster communication for remote replication |
Storage node SIP |
S3/Swift endpoint |
80 |
(Optional) HTTP communication to S3/Swift endpoint for backup and recovery |
Storage node SIP |
Compute node SIP |
442 |
Compute node API, configuration and validation, and access to software inventory |
Storage node SIP |
S3/Swift endpoint |
443 |
(Optional) HTTPS communication to S3/Swift endpoint for backup and recovery |
Storage node SIP |
Remote storage node SIP |
2181 |
Intercluster communication for remote replication |
Storage node SIP |
Storage node SIP |
3260 |
Internode iSCSI |
Storage node SIP |
Remote storage node SIP |
4000 through 4020 |
Remote replication node-to-node data transfer |
System administrator PC |
Storage node MIP |
80 |
(NetApp HCI only) Landing page of NetApp Deployment Engine |
System administrator PC |
Management node |
442 |
HTTPS UI access to management node |
System administrator PC |
Storage node MIP |
442 |
HTTPS UI and API access to storage node, (NetApp HCI only) Configuration and deployment monitoring in NetApp Deployment Engine |
System administrator PC |
Compute node BMC/IPMI H410 and H600 series |
443 |
HTTPS UI and API access to node remote control |
System administrator PC |
Management node |
443 |
HTTPS UI and API access to management node |
System administrator PC |
Storage cluster MVIP |
443 |
HTTPS UI and API access to storage cluster |
System administrator PC |
Storage node BMC/IPMI H410 and H600 series |
443 |
HTTPS UI and API access to node remote control |
System administrator PC |
Storage node MIP |
443 |
HTTPS storage cluster creation, post-deployment UI access to storage cluster |
System administrator PC |
Compute node BMC/IPMI H410 and H600 series |
623 UDP |
RMCP port. This is required to manage IPMI-enabled systems. |
System administrator PC |
Storage node BMC/IPMI H410 and H600 series |
623 UDP |
RMCP port. This is required to manage IPMI-enabled systems. |
System administrator PC |
Witness Node |
8080 |
Witness Node per-node web UI |
vCenter Server |
Storage cluster MVIP |
443 |
vCenter Plug-in API access |
vCenter Server |
Management node |
8443 |
(Optional) vCenter Plug-in QoSSIOC service. |
vCenter Server |
Storage cluster MVIP |
8444 |
vCenter VASA provider access (VVols only) |
vCenter Server |
Management node |
9443 |
vCenter Plug-in registration. The port can be closed after registration is complete. |