Firewall configurations

Purpose

Incorrect firewall rules can cause outages and make it difficult to resolve issues. These need to be verified by the customer’s network/firewall team.

Procedure

1. Ensure that the connectivity between all VOSS nodes allows bidirectional traffic for ports 80, 443 and 8443. For example, to test platform API connectivity on port 8443 from all other hosts back to a node with an IP address of 10.0.0.10:
   1. SSH to 10.0.0.10
   2. Run cluster run all diag test_connection 10.0.0.10 8443 --force to test connectivity from the other hosts in the cluster.
2. Ensure that ports 27020 and 27030 are bidirectionally open between unified nodes. For example, to test connectivity from all unified to the arbiter running on a primary node with IP address 10.0.0.10:
   1. SSH to 10.0.0.10
   2. Run cluster run database diag test_connection 10.0.0.10 27030 --force to test connectivity from the unified hosts in the cluster.
3. From VOSS unified nodes, ensure that all Cisco equipment, managed by VOSS is accessible on the relevant ports. For example, to test connectvity from a CUCDM cluster to a CUC on 172.16.0.10:
   1. SSH to the primary unified node
   2. Run cluster run application diag test_connection 172.16.0.10 443 to test HTTPS connectivity to a remote host.