This documentation is for a previous release of Cloud Manager. Go to the docs for the latest release.
Security group rules for AWS
Contributors
Cloud Manager creates AWS security groups that include the inbound and outbound rules that Cloud Manager and ONTAP Cloud need to operate successfully. You might want to refer to the ports for testing purposes or if you prefer your to use own security groups.
Security group rules for Cloud Manager
Inbound rules
The source for inbound rules is 0.0.0.0/0.
| Type | Port range | Purpose |
|---|---|---|
SSH |
22 |
SSH connections to Cloud Manager |
HTTP |
80 |
Accessing the Cloud Manager console |
HTTPS |
443 |
Accessing the Cloud Manager console |
Outbound rules
| Type | Port range | Purpose |
|---|---|---|
All TCP |
All |
All outbound traffic |
All UDP |
All |
All outbound traffic |
Security group rules for ONTAP Cloud
Inbound rules
The source for inbound rules is 0.0.0.0/0.
| Type | Port range | Purpose |
|---|---|---|
All ICMP |
All |
Pinging the instance |
Custom TCP Rule |
111 |
Portmapper |
Custom TCP Rule |
139 |
NetBIOS |
Custom TCP Rule |
161-162 |
SNMP |
Custom TCP Rule |
445 |
Microsoft SMB |
Custom TCP Rule |
635 |
NFS mount |
Custom TCP Rule |
749 |
Kerberos |
Custom TCP Rule |
2049 |
NFS |
Custom TCP Rule |
3260 |
iSCSI |
Custom TCP Rule |
4045-4046 |
NFS mountd |
Custom TCP Rule |
10000 |
NDMP |
Custom TCP Rule |
11104-11105 |
Intercluster management and data |
Custom UDP Rule |
111 |
Portmapper |
Custom UDP Rule |
161-162 |
SNMP |
Custom UDP Rule |
635 |
NFS mount |
Custom UDP Rule |
2049 |
NFS |
Custom UDP Rule |
4045-4046 |
NFS mountd |
HTTP |
80 |
System Manager access |
HTTPS |
443 |
System Manager access |
SSH |
22 |
SSH to the CLI |
Outbound rules
| Type | Port range | Purpose |
|---|---|---|
All ICMP |
All |
All outbound traffic (SnapMirror and SnapVault) |
All TCP |
All |
All outbound traffic |
All UDP |
All |
All outbound traffic |
External security group rules for the HA mediator
Inbound rules
The source for inbound rules is 0.0.0.0/0.
| Type | Port range | Purpose |
|---|---|---|
SSH |
22 |
SSH connections to the HA mediator |
TCP |
3000 |
RESTful API access from Cloud Manager |
Outbound rules
| Type | Port range | Purpose |
|---|---|---|
All TCP |
All |
All outbound traffic |
All UDP |
All |
All outbound traffic |
Internal security group rules for the HA mediator
Cloud Manager always creates this security group. You do not have the option to use your own security group.
Inbound rules
| Type | Port range | Purpose |
|---|---|---|
All traffic |
All |
Communication between the HA mediator and ONTAP Cloud HA nodes only |
Outbound rules
| Type | Port range | Purpose |
|---|---|---|
All traffic |
All |
Communication between the HA mediator and ONTAP Cloud HA nodes only |