Security group rules for AWS Edit on GitHub

Cloud Manager creates AWS security groups that include the inbound and outbound rules that Cloud Manager and Cloud Volumes ONTAP need to operate successfully. You might want to refer to the ports for testing purposes or if you prefer your to use own security groups.

Security group rules for Cloud Manager

Inbound rules

The source for inbound rules is 0.0.0.0/0.

Type Port range Purpose

SSH

22

SSH connections to Cloud Manager

HTTP

80

Accessing the Cloud Manager console

HTTPS

443

Accessing the Cloud Manager console

Outbound rules

Type Port range Purpose

All TCP

All

All outbound traffic

All UDP

All

All outbound traffic

Security group rules for Cloud Volumes ONTAP

Inbound rules

The source for inbound rules is 0.0.0.0/0.

Type Port range Purpose

All ICMP

All

Pinging the instance

Custom TCP Rule

111

Portmapper

Custom TCP Rule

139

NetBIOS

Custom TCP Rule

161-162

SNMP

Custom TCP Rule

445

Microsoft SMB

Custom TCP Rule

635

NFS mount

Custom TCP Rule

749

Kerberos

Custom TCP Rule

2049

NFS

Custom TCP Rule

3260

iSCSI

Custom TCP Rule

4045-4046

NFS mountd

Custom TCP Rule

10000

NDMP

Custom TCP Rule

11104-11105

Intercluster management and data

Custom UDP Rule

111

Portmapper

Custom UDP Rule

161-162

SNMP

Custom UDP Rule

635

NFS mount

Custom UDP Rule

2049

NFS

Custom UDP Rule

4045-4046

NFS mountd

HTTP

80

System Manager access

HTTPS

443

System Manager access

SSH

22

SSH to the CLI

Outbound rules

Type Port range Purpose

All ICMP

All

All outbound traffic (SnapMirror and SnapVault)

All TCP

All

All outbound traffic

All UDP

All

All outbound traffic

External security group rules for the HA mediator

Inbound rules

The source for inbound rules is 0.0.0.0/0.

Type Port range Purpose

SSH

22

SSH connections to the HA mediator

TCP

3000

RESTful API access from Cloud Manager

Outbound rules

Type Port range Purpose

All TCP

All

All outbound traffic

All UDP

All

All outbound traffic

Internal security group rules for the HA mediator

Cloud Manager always creates this security group. You do not have the option to use your own security group.

Inbound rules

Type Port range Purpose

All traffic

All

Communication between the HA mediator and HA nodes only

Outbound rules

Type Port range Purpose

All traffic

All

Communication between the HA mediator and HA nodes only