Skip to main content

Controlling access through firewalls

Contributors netapp-lhalbert
PDFs

When you want to control access through firewalls, you open or close specific ports at the external firewall.

Controlling access at the external firewall

You can control access to the user interfaces and APIs on StorageGRID Admin Nodes by opening or closing specific ports at the external firewall. For example, you might want to prevent tenants from being able to connect to the Grid Manager at the firewall, in addition to using other methods to control system access.

Port Description If port is open…​

443

Default HTTPS port for Admin Nodes

Web browsers and management API clients can access the Grid Manager, the Grid Management API, the Tenant Manager, and the Tenant Management API.

Note: Port 443 is also used for some internal traffic.

8443

Restricted Grid Manager port on Admin Nodes

  • Web browsers and management API clients can access the Grid Manager and the Grid Management API using HTTPS.

  • Web browsers and management API clients cannot access the Tenant Manager or the Tenant Management API.

  • Requests for internal content will be rejected.

9443

Restricted Tenant Manager port on Admin Nodes

  • Web browsers and management API clients can access the Tenant Manager and the Tenant Management API using HTTPS.

  • Web browsers and management API clients cannot access the Grid Manager or the Grid Management API.

  • Requests for internal content will be rejected.
Important Single sign-on (SSO) is not available on the restricted Grid Manager or Tenant Manager ports. You must use the default HTTPS port (443) if you want users to authenticate with single sign-on.
Related information

Signing in to the Grid Manager

Creating a tenant account if StorageGRID is not using SSO

Summary: IP addresses and ports for client connections

Managing untrusted Client Networks

Install Ubuntu or Debian

Install VMware

Install Red Hat Enterprise Linux or CentOS