防火墙要求

9个月前
2021年6月29日
0答复
1138意见

UserLevel 3

Ashwin.Ramaswamy
Nutanix员工
1回复

使用这些防火墙要求在外部防火墙中配置规则，以允许Nutanix远程支持，脉冲，SMTP，1键升级和LCM更新。

来源	控制器VM / Prism Central IP地址
目的地	NSC01.NUTANIX.NET和NSC02.NUTANIX.NET
协议 - 端口	TCP -80和8443
行动	允许

来源	控制器VM / Prism Central IP地址	允许脉冲消息从集群到Nutanix支持服务器。群集中的每个控制器VM连续收集脉冲配置数据，并每15分钟发送一次脉冲度量数据Insights.nutanix.com在端口443上每15分钟以上的HTTPS一次。端口80和8443是集群用于连接到Nutanix支持服务器的默认端口NSC01.Nutanix.net和NSC02.Nutanix.net。Nutanix建议您打开两个端口。如果一个端口被禁用，则群集会自动尝试在另一个端口上连接。您可以直接打开端口，也可以通过HTTP代理使其可用。脉冲消息未使用HTTP格式化，因此，如果您使用仅允许通过端口80的HTTP流量的防火墙，则需要通过端口8443访问。 Pulse使用SSH协议通过防火墙进行通信。如果您有棱镜中央部署，请自动满足防火墙端口要求，请参见《 Prism Central指南》中的“ Prism Central代理脉冲数据”。
目的地	Insights.nutanix.com
协议 - 端口	为了Insights.nutanix.com：TCP -443 为了NSC01.Nutanix.net和NSC02.Nutanix.net： TCP -80 TCP -8443
行动	允许

来源	控制器VM / Prism Central IP地址
目的地	Insights.nutanix.com和指定的电子邮件地址（如果有）
协议 - 端口	TCP -443
行动	允许

来源	主站点控制器VM IP地址（包括虚拟IP地址）
目的地	复制站点控制器VM IP地址（包括虚拟IP地址）
协议 - 端口	TCP港口2009/2020- AOS通信 UDP端口53 -DNS HTTPS端口443- AWS或Azure通信 TCP端口22 -SSH通信与Nutanix控制器VM TCP端口3000
行动	允许

来源	SMTP服务器IP地址	允许将群集电子邮件发送到Nutanix支持脉冲。如果您的安全策略不允许打开端口80和8443，则Pulse可以使用任何可访问的SMTP服务器发送消息。如果您没有SMTP服务器，则可以使用HTTP代理。
目的地	nos-alerts@nutanix.com和nos-asups@nutanix.com
协议 - 端口	SMTP -25,465或587（标准）
行动	允许

来源	控制器VM / Prism Central IP地址	笔记：目标IP地址范围由外部服务提供商（AWS）控制。请参阅AWS文档主题AWS IP地址范围。
目的地	.compute-。Amazonaws.com:80，443 Release-api.nutanix.com:80，443 ntnx-portal.s3.amazonaws.com S3*.Amazonaws.com 下载.nutanix.com
协议 - 端口	HTTP -80 HTTPS -443
行动	允许

来源	控制器VM IP地址
目的地	Release-api.nutanix.com:80，443 下载.nutanix.com
协议 - 端口	http：80（均下载.nutanix.com和Release-api.nutanix.com） https：443（均下载.nutanix.com和Release-api.nutanix.com）
行动	允许

来源	客户访问启用nutanix卷的群集的客户
目的地	Nutanix群集，通过群集ISCSI数据服务IP地址
客户端口	3260和3205
行动	允许

Aramaswamy

Use these firewall requirements to configure rules in your external firewall to allow Nutanix Remote Support, Pulse, SMTP, 1-click upgrades, and LCM updates.<\/span><\/p>

\t\t\t

Source<\/span><\/p>\t\t\t<\/td>\t\t\t

\t\t\t

Controller VM \/ Prism Central IP addresses<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>

\t\t\t

Destination<\/span><\/p>\t\t\t<\/td>\t\t\t

\t\t\t

nsc01.nutanix.net and nsc02.nutanix.net<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>

\t\t\t

Protocol - Port<\/span><\/p>\t\t\t<\/td>\t\t\t

\t\t\t

TCP - 80 and 8443<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>

\t\t\t

Action<\/span><\/p>\t\t\t<\/td>\t\t\t

\t\t\t

ALLOW<\/span><\/p>\t\t\t<\/td>\t\t<\/tr><\/tbody><\/table>

\u00a0<\/p>
\t\t\t
Source<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
Controller VM \/ Prism Central IP addresses<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
Allows Pulse messages from the cluster to Nutanix support servers.<\/span><\/p>\t\t\t
\t\t\t\t
Each Controller VM in your cluster collects Pulse configuration data continuously and sends Pulse metric data every 15 minutes to <\/span>insights.nutanix.com<\/span> over port 443 once every 15 minutes over HTTPS. Ports 80 and 8443 are the default ports that the cluster uses to connect to the Nutanix support servers <\/span>nsc01.nutanix.net<\/span> and <\/span>nsc02.nutanix.net<\/span>. Nutanix recommends that you open both ports. If one port is disabled, the cluster automatically tries to connect on the other. You can open the ports directly or make them available through an HTTP proxy.<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
Pulse messages are not HTTP formatted, so if you use a firewall that only allows HTTP traffic through port 80, Pulse requires access through port 8443.<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
Pulse uses the SSH protocol for communication through the firewall.<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
Firewall port requirements are automatically met if you have a Prism Central deployment, see \"Prism Central Proxy for Pulse Data\" in the Prism Central Guide.<\/span><\/p>\t\t\t\t<\/li>\t\t\t<\/ul><\/td>\t\t<\/tr>
\t\t\t
Destination<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
insights.nutanix.com<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Protocol - Port<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
For <\/span>insights.nutanix.com<\/span>: TCP - 443<\/span><\/p>\t\t\t
For <\/span>nsc01.nutanix.net<\/span> and <\/span>nsc02.nutanix.net<\/span>:<\/span><\/p>\t\t\t
\t\t\t\t
TCP - 80<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
TCP - 8443<\/span><\/p>\t\t\t\t<\/li>\t\t\t<\/ul><\/td>\t\t<\/tr>
\t\t\t
Action<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
ALLOW<\/span><\/p>\t\t\t<\/td>\t\t<\/tr><\/tbody><\/table>
\u00a0<\/p>
\t\t\t
Source<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
Controller VM \/ Prism Central IP addresses<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Destination<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
insights.nutanix.com and designated email addresses (if any)<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Protocol - Port<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
TCP - 443<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Action<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
ALLOW<\/span><\/p>\t\t\t<\/td>\t\t<\/tr><\/tbody><\/table>
\u00a0<\/p>
\t\t\t
Source<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
Primary Site Controller VM IP addresses (including Virtual IP Addresses)<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Destination<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
Replication Site Controller VM IP addresses (including Virtual IP Addresses)<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Protocol - Port<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
\t\t\t\t
TCP ports 2009\/2020 - AOS communications<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
UDP port 53 - DNS<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
HTTPS port 443 - AWS or Azure communication<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
TCP port 22 - SSH communication to Nutanix Controller VM<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
TCP port 3000<\/span><\/p>\t\t\t\t<\/li>\t\t\t<\/ul><\/td>\t\t<\/tr>
\t\t\t
Action<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
ALLOW<\/span><\/p>\t\t\t<\/td>\t\t<\/tr><\/tbody><\/table>
\u00a0<\/p>
\t\t\t
Source<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
SMTP Server IP Address<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
Allows cluster e-mails to be sent to Nutanix Support for Pulse.<\/span><\/p>\t\t\t
If your security policy does not allow ports 80 and 8443 to be opened, Pulse can send messages using any accessible SMTP server.<\/span><\/p>\t\t\t
If you do not have an SMTP server, you can use an HTTP proxy.<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Destination<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
nos-alerts@nutanix.com and nos-asups@nutanix.com<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Protocol - Port<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
SMTP - 25,465, or 587 (standard)<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Action<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
ALLOW<\/span><\/p>\t\t\t<\/td>\t\t<\/tr><\/tbody><\/table>
\u00a0<\/p>
\t\t\t
Source<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
Controller VM \/ Prism Central IP addresses<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
Note:<\/strong> The destination IP address ranges are controlled by the external service provider (AWS). See the AWS documentation topic AWS IP Address Ranges.<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Destination<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
\t\t\t\t
*.compute-*.amazonaws.com:80, 443<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
release-api.nutanix.com:80, 443<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
ntnx-portal.s3.amazonaws.com<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
s3*.amazonaws.com<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
download.nutanix.com<\/span><\/p>\t\t\t\t<\/li>\t\t\t<\/ul><\/td>\t\t<\/tr>
\t\t\t
Protocol - Port<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
HTTP - 80<\/span><\/p>\t\t\t
HTTPS - 443<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Action<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
ALLOW<\/span><\/p>\t\t\t<\/td>\t\t<\/tr><\/tbody><\/table>
\u00a0<\/p>
\t\t\t
Source<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
Controller VM IP addresses<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Destination<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
\t\t\t\t
release-api.nutanix.com:80, 443<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
download.nutanix.com<\/span><\/p>\t\t\t\t<\/li>\t\t\t<\/ul><\/td>\t\t<\/tr>
\t\t\t
Protocol - Port<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
\t\t\t\t
HTTP: 80 (both download.nutanix.com and release-api.nutanix.com)<\/span><\/p>\t\t\t\t<\/li>\t\t\t\t
\t\t\t\t
HTTPS: 443 (both download.nutanix.com and release-api.nutanix.com)<\/span><\/p>\t\t\t\t<\/li>\t\t\t<\/ul><\/td>\t\t<\/tr>
\t\t\t
Action<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
ALLOW<\/span><\/p>\t\t\t<\/td>\t\t<\/tr><\/tbody><\/table>
\u00a0<\/p>
\t\t\t
Source<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
Clients accessing the cluster where Nutanix Volumes is enabled<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Destination<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
Nutanix cluster, through the cluster iSCSI Data Services IP Address<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Ports on clients<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
3260 and 3205<\/span><\/p>\t\t\t<\/td>\t\t<\/tr>
\t\t\t
Action<\/span><\/p>\t\t\t<\/td>\t\t\t
\t\t\t
ALLOW<\/span><\/p>\t\t\t<\/td>\t\t<\/tr><\/tbody><\/table>
\u00a0<\/p>","quoteUsername":"ashwin.ramaswamy","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

像

引用

分享

该主题已关闭以供评论

由内部提供动力

条款和条件

注册

已经有一个帐户？登录

使用您的帐户登录

登录社区

使用您的帐户登录

输入您的用户名或电子邮件地址。我们将向您发送带有指令的电子邮件以重置您的密码。

用户名或电子邮件

返回概述

扫描病毒文件。

抱歉，我们仍在检查该文件的内容，以确保它可以安全下载。请在几分钟后再试一次。
好的

该文件无法下载

抱歉，我们的病毒扫描仪检测到该文件无法安全下载。
好的

Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">