https://community.cisco.com/t5/controllers/apic-em-firewall-ports-opening/m-p/3545701#M2285 <HTML><HEAD></HEAD><BODY><P>Hi Keith,</P><P></P><P>it depends what you are doing.&nbsp; I assume you are talking about inbound connections.</P><P></P><P>22 + 443&nbsp; + 14141 are required for management.</P><P>500 can be required for inter cluster comms through a FW</P><P></P><P>67 + 80 + 123 can be required for PnP (With certificates, you need NTP)</P><P>162 can be required for host update notifications (SNMP traps)</P><DIV class="section"><DIV class="column"><P>16026 is required for IWAN (APIC-EM is a CA)</P></DIV></DIV></BODY></HTML> Tue, 04 Jul 2017 08:15:41 GMT aradford 2017-07-04T08:15:41Z https://community.cisco.com/t5/controllers/apic-em-firewall-ports-opening/m-p/3545700#M2284 <HTML><HEAD></HEAD><BODY><P>I see that this document recommends the ports that SHOULD be open on the Firewall <SPAN style="color: #1f497d; font-family: Arial; font-size: 10pt;">or is it just SSH &amp; SNMP?</SPAN></P><P></P><P><SPAN style="font-size: 10.0pt; font-family: Arial; color: #1f497d;"><A href="https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/1-1-x/hardware-guide/b_apic-em_hardware_install/b_apic-em_hrd_install_appendix_01001.pdf" target="_blank">https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/1-1-x/hardware-guide/b_apic-em_hardware_install/b_apic-em_hrd_install_appendix_01001.pdf</A></SPAN></P><P>&nbsp; </P><P><SPAN style="font-size: 10pt;">Is this mandatory?</SPAN></P><P></P><P>What stops working if we dont open them?</P><P></P><P>Keith</P></BODY></HTML> Tue, 12 Mar 2019 23:10:17 GMT https://community.cisco.com/t5/controllers/apic-em-firewall-ports-opening/m-p/3545700#M2284 keitwils 2019-03-12T23:10:17Z https://community.cisco.com/t5/controllers/apic-em-firewall-ports-opening/m-p/3545701#M2285 <HTML><HEAD></HEAD><BODY><P>Hi Keith,</P><P></P><P>it depends what you are doing.&nbsp; I assume you are talking about inbound connections.</P><P></P><P>22 + 443&nbsp; + 14141 are required for management.</P><P>500 can be required for inter cluster comms through a FW</P><P></P><P>67 + 80 + 123 can be required for PnP (With certificates, you need NTP)</P><P>162 can be required for host update notifications (SNMP traps)</P><DIV class="section"><DIV class="column"><P>16026 is required for IWAN (APIC-EM is a CA)</P></DIV></DIV></BODY></HTML> Tue, 04 Jul 2017 08:15:41 GMT https://community.cisco.com/t5/controllers/apic-em-firewall-ports-opening/m-p/3545701#M2285 aradford 2017-07-04T08:15:41Z https://community.cisco.com/t5/controllers/apic-em-firewall-ports-opening/m-p/3545702#M2286 <HTML><HEAD></HEAD><BODY><P>Latest link: <A href="http://www.cisco.com/c/en/us/td/docs/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/1-5-x/install/b_apic_em_install_guide_v_1-5-x/b_apic_em_install_guide_v_1-5-x_chapter_010.html?bookSearch=true#reference_AD0C50D51F91478697F003362FC4C1D6" title="http://www.cisco.com/c/en/us/td/docs/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/1-5-x/install/b_apic_em_install_guide_v_1-5-x/b_apic_em_install_guide_v_1-5-x_chapter_010.html?bookSearch=true#reference_AD0C50D51F91478697F003362FC4C1D6">Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide, Release 1.5.x - Installing the…</A></P></BODY></HTML> Tue, 11 Jul 2017 12:06:49 GMT https://community.cisco.com/t5/controllers/apic-em-firewall-ports-opening/m-p/3545702#M2286 ngoldwat 2017-07-11T12:06:49Z https://community.cisco.com/t5/controllers/apic-em-firewall-ports-opening/m-p/3545703#M2287 <HTML><HEAD></HEAD><BODY><P>Thanks Nick,</P><P></P><P>good to see we have finally turned off 14141.</P><P></P><P>Adam</P></BODY></HTML> Tue, 11 Jul 2017 13:25:24 GMT https://community.cisco.com/t5/controllers/apic-em-firewall-ports-opening/m-p/3545703#M2287 aradford 2017-07-11T13:25:24Z