Firewall configurations

Incorrect firewall rules can cause outages and make issues difficult to resolve. The rules below need to be verified by the customer’s network/firewall team.

  1. Ensure that the connectivity between all VOSS nodes allows bidirectional traffic for ports 80, 443 and 8443. For example, to test platform API connectivity on port 8443 from all other hosts back to a node with an IP address of 10.0.0.10:

    1. SSH to 10.0.0.10

    2. Run cluster run all diag test_connection 10.0.0.10 8443 --force to test connectivity from the other hosts in the cluster.

  2. Ensure that ports 27020 and 27030 are bidirectionally open between:

    • unified nodes (multinode unified topology)

    • database nodes (modular cluster topology)

    • database and application nodes (modular cluster topology)

    For example, to test connectivity from all unified nodes to the arbiter running on a primary node with IP address 10.0.0.10:

    1. SSH to 10.0.0.10

    2. Run cluster run database diag test_connection 10.0.0.10 27030 --force to test connectivity from the unified hosts (multinode unified topology) or database nodes (modular cluster topology) in the cluster.

  3. From VOSS unified nodes (multinode unified topology) / application and database nodes (modular cluster topology), ensure that all Cisco equipment managed by VOSS is accessible on the relevant ports. For example, to test connectivity from a VOSS Automate cluster to a CUC on 172.16.0.10:

    1. SSH to the primary unified node (multinode unified topology) / application node (modular cluster topology).

    2. Run cluster run application diag test_connection 172.16.0.10 443 to test HTTPS connectivity to a remote host.
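The three checks above, as an added script that is not part of VOSS Automate or its cluster tooling: it encodes the port matrix from this page, and in place of the cluster diag command it probes each port with bash's /dev/tcp under a timeout, so a firewall that silently drops packets shows up as "filtered" rather than hanging. The topology/role selector values (unified, modular, database, application) are assumptions of this script; run it from each node towards its peers to cover both directions.

```shell
#!/usr/bin/env bash
# Added example (not VOSS Automate tooling): probe the port matrix from the
# checklist above with a bounded timeout, so a firewall that silently drops
# packets is reported as "filtered" instead of hanging the check.
# The topology/role selector values below are assumptions for this script.

# required_ports TOPOLOGY ROLE: ports this page requires towards a peer node.
#   unified/unified, modular/database, modular/application -> platform API
#   ports plus the database ports; any other role -> platform API ports only.
required_ports() {
  case "$1/$2" in
    unified/unified|modular/database|modular/application)
      echo "80 443 8443 27020 27030" ;;
    *)
      echo "80 443 8443" ;;
  esac
}

# probe_port HOST PORT [SECONDS]: prints open|closed|filtered and returns
# 0 (connected), 1 (refused/unreachable) or 2 (timed out, typical of a DROP rule).
probe_port() {
  local host="$1" port="$2" secs="${3:-3}" rc=0
  if timeout "$secs" bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null; then
    rc=0
  else
    rc=$?
  fi
  case "$rc" in
    0)   echo open;     return 0 ;;
    124) echo filtered; return 2 ;;
    *)   echo closed;   return 1 ;;
  esac
}

# check_peer TOPOLOGY ROLE PEER_IP: probe every required port on one peer,
# print one line per port and return non-zero if any port is not open.
check_peer() {
  local topology="$1" role="$2" peer="$3" port state failures=0
  for port in $(required_ports "$topology" "$role"); do
    state=$(probe_port "$peer" "$port") || true
    printf '%-15s %-5s %s\n' "$peer" "$port" "$state"
    [ "$state" = open ] || failures=$((failures + 1))
  done
  [ "$failures" -eq 0 ]
}

# Usage: portcheck.sh TOPOLOGY ROLE PEER_IP [PEER_IP ...]   (run from each node)
if [ "$#" -ge 3 ]; then
  topology="$1" role="$2"; shift 2; rc=0
  for peer in "$@"; do check_peer "$topology" "$role" "$peer" || rc=1; done
  exit "$rc"
fi
```

A "filtered" result points at a rule that drops rather than rejects traffic, which is the case that makes outages hardest to diagnose because clients hang instead of failing fast.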