Firewall configurations
-----------------------


Incorrect firewall rules can cause outages and make it difficult to
resolve issues. These need to be verified by the customer's network/firewall
team.



1. Ensure that the connectivity between all VOSS nodes allows bidirectional
   traffic for ports 80, 443 and 8443.  For example, to test platform API 
   connectivity on port 8443 from all other hosts back to a node with an IP
   address of *10.0.0.10*:

   a. SSH to *10.0.0.10*
   b. Run ``cluster run all diag test_connection 10.0.0.10 8443 --force`` to test
      connectivity **from** the other hosts in the cluster.

2. Ensure that ports 27020 and 27030 are bidirectionally open between unified
   nodes.  For example, to test connectivity from all unified to the arbiter running on a
   primary node with IP address *10.0.0.10*:

   a. SSH to *10.0.0.10*
   b. Run ``cluster run database diag test_connection 10.0.0.10 27030 --force`` 
      to test connectivity from the unified hosts in the cluster.

3. From VOSS unified nodes, ensure that all Cisco equipment managed by VOSS
   is accessible on the relevant ports. For example, to test connectivity from a 
   VOSS Automate cluster to a CUC on 172.16.0.10:
   
   a. SSH to the primary unified node
   b. Run ``cluster run application diag test_connection 172.16.0.10 443`` to
      test HTTPS connectivity to a remote host.