
Firewall Requirements

Last Updated: 26 June 2023

General Network Requirements

  • All Peer Agent servers must have some form of network access to the server where the Peer Management Broker (usually the Peer Management Center) is installed.  Starting with PeerGFS v5.1, the Peer Management Broker can also be installed on a standalone server.
  • All Peer Agents must be configured with the hostname, FQDN, or IP address of the server running the Peer Management Broker.  In a multiple broker environment, Agents should be configured with the hostname, FQDN, or IP address of each Broker that they are assigned to (including both primary and failover Brokers).
  • Any Peer Agent server that will be partnered with a storage platform must be on the same domain, same network segment, and same subnet as its partner. This network must operate at speeds of at least 1 Gbit/sec.

Specific port and protocol requirements must be met to allow the necessary communication and data flow needed between the Broker, PMC, Agents, and storage platforms.  See storage platform-specific information below for the required communication ports and protocols.

Firewall Requirements

Between Peer Management Center/Peer Management Broker and the Peer Agent

    Peer Management Center/Peer Management Broker:

  • Inbound port TCP 61617 must be open for TLS/SSL communication with Peer Agents.
  • Inbound port TCP 61616 must be open for unencrypted TCP communication with Peer Agents if TLS/SSL communication is not required.

    Peer Agents:

  • Outbound port TCP 61617 must be open for TLS/SSL communication with Peer Management Center/Peer Management Broker.
  • Outbound port TCP 61616 must be open for unencrypted TCP communication with Peer Management Center/Peer Management Broker if TLS/SSL communication is not required.

Between Peer Management Center and the Internet

Peer Management Center has the following firewall requirements to upload logfiles and analytics data, as well as to check for software updates:

Between Peer Management Center and the local network

To access the Peer Management Center Web UI or REST API, the following default firewall requirements must be met:

  • Inbound port TCP 8443 (HTTPS) must be open to be able to access the Web UI.
  • Inbound port TCP 8442 (HTTPS) must be open to be able to access the REST API.

These ports can be changed in the Peer Management Center Preferences under the General Configuration section. You can also set or update the firewall rules from there.

Between Peer Management Brokers (including on the server hosting the Peer Management Center)

  • Inbound and Outbound port TCP 61617 must be open for TLS/SSL communication between Peer Brokers.
  • Inbound and Outbound port TCP 61616 must be open for unencrypted TCP communication between Peer Brokers if TLS/SSL communication is not required.

Between a Peer Agent and Nutanix Files

  • TCP Port 9898 must be open inbound into the Peer Agent server and outbound from Nutanix Files. This allows the Peer Agent to receive file activity notifications from Nutanix Files.
  • TCP Port 9440 must be open outbound from the Peer Agent server and inbound into Nutanix Files. This allows the Peer Agent to access the HTTPS REST-based API built into Nutanix Files.
  • SMB-related ports must be open outbound from the Peer Agent server and inbound into Nutanix Files. This allows the Peer Agent to read and write data.

    Peer Agent        Nutanix Files
    TCP 9898    <--   TCP 9898
    TCP 9440    -->   TCP 9440
    SMB         -->   SMB

Between a Peer Agent and NetApp ONTAP | Clustered Data ONTAP

  • TCP Port 9883 must be open inbound into the Peer Agent server and outbound from each node in the NetApp cluster. This allows the Peer Agent to receive FPolicy requests from the NetApp nodes.
  • TCP Port 443 must be open outbound from the Peer Agent server and inbound into the SVM's management LIF. This allows the Peer Agent to access ONTAP's API interface.
  • SMB-related ports must be open outbound from the Peer Agent server and inbound into the SVM's data LIF(s). This allows the Peer Agent to read and write data via SMB.
  • NFS-related ports* must be open outbound from the Peer Agent server and inbound into the SVM's data LIF(s). This allows the Agent to read and write data via NFS.

    Peer Agent        NetApp cluster nodes
    TCP 9883    <--   TCP 9883

    Peer Agent        SVM management LIF
    TCP 443     -->   TCP 443

    Peer Agent        SVM data LIF
    SMB         -->   SMB
    NFS*        -->   NFS*

* NFS support for ONTAP and FSxN is early access as of PeerGFS v5.1.1. To request more information, please visit here.

Between a Peer Agent and Amazon FSx for NetApp ONTAP (FSxN)

  • TCP Port 9883 must be open inbound into the Peer Agent server and outbound from each node in the FSxN cluster. This allows the Peer Agent to receive FPolicy requests from the FSxN nodes.
  • TCP Port 443 must be open outbound from the Peer Agent server and inbound into the SVM's management LIF. This allows the Peer Agent to access ONTAP's API interface.
  • SMB-related ports must be open outbound from the Peer Agent server and inbound into the SVM's data LIF(s). This allows the Peer Agent to read and write data via SMB.
  • NFS-related ports* must be open outbound from the Peer Agent server and inbound into the SVM's data LIF(s). This allows the Agent to read and write data via NFS.

    Peer Agent        FSxN cluster nodes
    TCP 9883    <--   TCP 9883

    Peer Agent        SVM management LIF
    TCP 443     -->   TCP 443

    Peer Agent        SVM data LIF
    SMB         -->   SMB
    NFS*        -->   NFS*

* NFS support for ONTAP and FSxN is early access as of PeerGFS v5.1.1. To request more information, please visit here.

Between a Peer Agent and NetApp 7-Mode

  • SMB-related ports must be open in both directions for both the Peer Agent server and the NetApp filer. This allows the Peer Agent to read and write data, access ONTAPI, and receive FPolicy requests from the filer.

    Peer Agent        7-Mode Filer
    SMB         -->   SMB

Between a Peer Agent and Dell PowerScale | EMC Isilon

  • TCP Port 12228 must be open inbound into the CEE services installed on the Peer Agent server and outbound from each node in the PowerScale or Isilon cluster. This allows CEE to receive audit notifications from the cluster.

  • TCP Ports 22 and 8080 must be open outbound from the Peer Agent and inbound into each node in the PowerScale or Isilon cluster. This allows the Peer Agent to access the SSH- and web-based API built into OneFS.
  • SMB-related ports must be open outbound from the Peer Agent and inbound into each node in the PowerScale or Isilon cluster. This allows the Peer Agent to read and write data.

    CEE service       PowerScale | Isilon
    TCP 12228   <--   TCP 12228

    Peer Agent        PowerScale | Isilon
    TCP 22      -->   TCP 22
    TCP 8080    -->   TCP 8080
    SMB         -->   SMB

Between a Peer Agent and Dell EMC Unity

  • TCP Port 12228 must be open inbound into the CEE services installed on the Peer Agent server and outbound from the NAS server. This allows CEE to receive notifications from Unity.

  • TCP Port 443 must be open outbound from the Peer Agent and inbound into the NAS server. This allows the Peer Agent to access the web-based API built into Unity OE.
  • SMB-related ports must be open outbound from the Peer Agent and inbound into the NAS server. This allows the Peer Agent to read and write data.

    CEE service       Unity
    TCP 12228   <--   TCP 12228

    Peer Agent        Unity
    TCP 443     -->   TCP 443
    SMB         -->   SMB

Between a Peer Agent and Dell EMC Celerra | VNX | VNX2

  • TCP Port 12228 must be open inbound into the CEE services installed on the Peer Agent server and outbound from the data mover. This allows CEE to receive notifications from the data mover.

  • TCP Port 443 must be open outbound from the Peer Agent and inbound into the data mover. This allows the Peer Agent to access the web-based API built into DART.
  • SMB-related ports must be open outbound from the Peer Agent and inbound into the data mover. This allows the Peer Agent to read and write data.

    CEE service       Celerra | VNX | VNX2
    TCP 12228   <--   TCP 12228

    Peer Agent        Celerra | VNX | VNX2
    TCP 443     -->   TCP 443
    SMB         -->   SMB

Notes on Ports

SMB Ports

SMB-related ports are typically:

    Port TCP/UDP 137    NBT Name services
    Port UDP 138        NBT Datagram services
    Port TCP 139        SMB 1.0 / NBT
    Port TCP 445        SMB 2 and above

NFS Ports

NFS-related ports are typically:

    Port TCP/UDP 2049   Used by the NFS daemon
    Port TCP/UDP 111    Used by portmapper for NFS v3 only
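
An added example (not Peer Software code): a Python audit that compares a host's TCP allow-rules with the port matrix above and reports missing flows, rules that cover no required port, and whether the unencrypted port 61616 is still reachable when TLS on 61617 is in use. The role names, the rule-line format and the sample rules are constructed for illustration; SMB is assumed to be TCP 445 only, and only the PMC, Nutanix, ONTAP, PowerScale and Unity rows are covered.

```python
"""Added example: audit TCP allow-rules against the port matrix on this page."""

BROKER_TLS, BROKER_PLAIN = 61617, 61616
SMB = 445  # assumption: SMB 2 and above only; add 137-139 if NBT is still in use

# (direction, TCP port) per role; direction is relative to the audited host.
# Role names are hypothetical labels, not PeerGFS identifiers.
MATRIX = {
    "pmc":              {("in", 8443), ("in", 8442)},  # Web UI, REST API defaults
    "agent-nutanix":    {("in", 9898), ("out", 9440), ("out", SMB)},
    "agent-ontap":      {("in", 9883), ("out", 443), ("out", SMB)},
    "agent-powerscale": {("in", 12228), ("out", 22), ("out", 8080), ("out", SMB)},
    "agent-unity":      {("in", 12228), ("out", 443), ("out", SMB)},
}

def parse_rules(text):
    """Parse constructed lines like 'in tcp 9883' or 'out tcp 61616-61617'."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        direction, proto, ports = line.split()
        if proto.lower() != "tcp":
            continue
        lo, _, hi = ports.partition("-")
        rules.append((direction, int(lo), int(hi or lo)))
    return rules

def allows(rules, direction, port):
    return any(d == direction and lo <= port <= hi for d, lo, hi in rules)

def audit(role, rules_text, tls=True):
    rules = parse_rules(rules_text)
    broker_dir = "in" if role == "pmc" else "out"
    need = MATRIX[role] | {(broker_dir, BROKER_TLS if tls else BROKER_PLAIN)}
    missing = sorted(f for f in need if not allows(rules, *f))
    # Rules that cover no required port at all are candidates for removal.
    unneeded = [r for r in rules
                if not any(r[0] == d and r[1] <= p <= r[2] for d, p in need)]
    # A port range can open 61616 unnoticed even when only TLS is intended.
    plaintext_open = tls and allows(rules, broker_dir, BROKER_PLAIN)
    return {"missing": missing, "unneeded": unneeded, "plaintext_open": plaintext_open}

SAMPLE = """\
out tcp 61616-61617   # constructed: range also opens the unencrypted port
in  tcp 9883
out tcp 445
in  tcp 3389          # constructed: unrelated to PeerGFS
"""
```

Calling `audit("agent-ontap", SAMPLE)` reports the missing outbound TCP 443 flow to the SVM management LIF, the unrelated inbound rule, and the plaintext broker port opened by the range.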


