Hitachi Vantara Knowledge

Firewall exceptions

Security administrators use firewalls to protect the network or selected components in the network from intrusion. A firewall might lie between UCP Advisor and your management environment, depending on your deployment. Therefore, you must configure firewall exceptions for your environment.

Required firewall port exceptions

The ports in the following table are used for UCP Advisor management traffic. To access UCP from the production network, exceptions for these ports are necessary.

| Scenario | Source | Destination | Protocol/Port |
|---|---|---|---|
| vCenter access | Web Client | VCSA | TCP/9443 |
| | Web Client | UCP Advisor Controller VM | TCP/443 |
| vCenter to Advisor communication | UCP Advisor VM | VCSA | TCP/443, 23031 |
| | VCSA | UCP Advisor Controller VM | TCP/23011 |
| Log collection and switch backup and restore | Managed hardware | UCP Advisor Controller VM | TCP/22 |
| SNMP communication | Managed hardware | UCP Advisor Controller VM | UDP/161,162 |
| IPMI communication | Managed hardware | UCP Advisor Controller VM | UDP/623 |
| Adding an N+1 appliance | UCP Advisor Controller VM | UCP Advisor Gateway VM | TCP/443 |
| | UCP Advisor Gateway VM | UCP Advisor Controller VM | TCP/443 |
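
The required exceptions above can be checked against an existing allow list. The following is an added example, not Hitachi Vantara code: it reports required flows that no rule admits and rules that are wider than the table calls for. The rule tuple format, the "any" wildcard, and the sample ruleset are constructed for illustration.

```python
# Added example: audit allow rules against the required-exceptions table above.
# Endpoint names follow the table; the rule format and SAMPLE_RULES are constructed.
REQUIRED = {  # (source, destination, protocol, port)
    ("Web Client", "VCSA", "tcp", 9443),
    ("Web Client", "UCP Advisor Controller VM", "tcp", 443),
    ("UCP Advisor VM", "VCSA", "tcp", 443),
    ("UCP Advisor VM", "VCSA", "tcp", 23031),  # assumes "TCP/443, 23031" means both TCP
    ("VCSA", "UCP Advisor Controller VM", "tcp", 23011),
    ("Managed hardware", "UCP Advisor Controller VM", "tcp", 22),
    ("Managed hardware", "UCP Advisor Controller VM", "udp", 161),
    ("Managed hardware", "UCP Advisor Controller VM", "udp", 162),
    ("Managed hardware", "UCP Advisor Controller VM", "udp", 623),
    ("UCP Advisor Controller VM", "UCP Advisor Gateway VM", "tcp", 443),
    ("UCP Advisor Gateway VM", "UCP Advisor Controller VM", "tcp", 443),
}

def covers(rule, flow):
    """True if an allow rule (src, dst, proto, port_lo, port_hi) admits the flow."""
    src, dst, proto, lo, hi = rule
    return (src in ("any", flow[0]) and dst in ("any", flow[1])
            and proto == flow[2] and lo <= flow[3] <= hi)

def audit(rules):
    """Return (missing required flows, rules broader than the required table)."""
    missing = sorted(f for f in REQUIRED if not any(covers(r, f) for r in rules))
    too_broad = []
    for rule in rules:
        needed = {f[3] for f in REQUIRED if covers(rule, f)}
        extra_ports = set(range(rule[3], rule[4] + 1)) - needed
        if "any" in rule[:2] or extra_ports:
            too_broad.append(rule)
    return missing, too_broad

SAMPLE_RULES = [  # constructed ruleset, not from any real deployment
    ("Web Client", "VCSA", "tcp", 9443, 9443),
    ("Web Client", "UCP Advisor Controller VM", "tcp", 443, 443),
    ("UCP Advisor VM", "VCSA", "tcp", 443, 443),
    ("VCSA", "UCP Advisor Controller VM", "tcp", 23011, 23011),
    ("Managed hardware", "UCP Advisor Controller VM", "tcp", 22, 22),
    ("Managed hardware", "UCP Advisor Controller VM", "udp", 161, 162),
    ("any", "UCP Advisor Controller VM", "tcp", 3389, 3389),
    ("UCP Advisor Controller VM", "UCP Advisor Gateway VM", "tcp", 443, 443),
    ("UCP Advisor Gateway VM", "UCP Advisor Controller VM", "tcp", 1, 1024),
]

if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE_RULES)
    print("MISSING required exceptions:", *missing, sep="\n  ")
    print("REVIEW, wider than required table:", *too_broad, sep="\n  ")
```

A rule that serves only an optional integration also appears in the second list, because it matches no required flow; compare those entries against the optional exceptions before removing them.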

Optional firewall port exceptions

The ports in the following table are used for UCP Advisor management traffic, element management traffic, and system integration traffic (for example, Automation Director, VRO, and Syslog). The security administrator can configure firewall port exceptions.

| Scenario | Source | Destination | Protocol/Port |
|---|---|---|---|
| HiTrack hosted on another VM | HiTrack Monitor VM | UCP Advisor Controller VM | TCP/443 |
| API access to UCP Advisor | API Client | UCP Advisor Controller VM | TCP/23015 |
| CLI access to UCP Advisor | CLI Client | UCP Advisor Controller VM | TCP/23015 |
| RDP access to Advisor VM | RDP client | UCP Advisor Controller VM | TCP/3389 |
| SSH access to Advisor Gateway VM | SSH client | UCP Advisor Gateway VM | TCP/22 |
| Usage of vRealize Log Insight | VCSA, UCP Advisor Controller VM, UCP Hardware | vRealize Log Insight VM | TCP/514, TCP/1514, TCP/V6514, TCP/9000, TCP/9543, and UDP/514 |
| | vRealize Log Insight VM | UCP Advisor Controller VM | TCP/2055 |
| Usage of vRealize Orchestrator | VCSA, UCP Advisor Controller VM, end user web browser | vRealize Orchestrator VM | TCP/8230, TCP/8240, TCP/8250, TCP/8244, TCP/8280, TCP/8281, TCP/8282, TCP/8283 |
| | vRealize Orchestrator VM | UCP Advisor Controller VM | TCP/23021 |
| Usage of Automation Director | Automation Director VM | UCP Advisor Controller VM | TCP/22015 |

Additional information about vRealize Log Insight and vRealize Orchestrator can be found on the VMware documentation portal.