Required Communication Ports
Open ports and services that run on the Apstra server are listed in the table below.
Apstra requires a minimum of eight (8) SSH connections, two (2) SSH max-sessions-per-connection, and an SSH rate-limit of twenty (20) (maximum number of connection attempts per minute).
A running iptables instance ensures that network traffic to and from the Apstra server is restricted to the services listed.
Source | Destination | Protocol | Description |
---|---|---|---|
User workstation | Apstra Server | tcp/22 (ssh) | CLI access to Apstra server |
User workstation | Apstra Server | tcp/80 (http) | Redirects to tcp/443 (https) |
User workstation | Apstra Server | tcp/443 (https) | GUI and REST API |
Network Device for device agents | Apstra Server | tcp/80 (http) | Redirects to tcp/443 (https) |
Network Device or Off-box Agent | Apstra Server | tcp/443 (https) | Device agent installation and upgrade, REST API |
Network Device or Off-box Agent | Apstra Server | tcp/29730-29739 | Agent binary protocol (Sysdb) |
ZTP Server | Apstra Server | tcp/443 (https) | REST API for Device System Agent Install |
Apstra Server | Network Devices | tcp/22 (ssh) | Device agent installation and upgrade |
Apstra Server | Network Devices | tcp/32767 (grpc/ssl) | Junos streaming telemetry using gRPC over SSL |
Off-box Agent | Network Devices | tcp/443 (https), tcp/9443 (nxapi), tcp/830 (for Junos) | Management from Off-box Agent |
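
To confirm that the iptables restriction matches the table, the following added example (not Juniper's code) audits `iptables -S INPUT` output against the inbound rows whose destination is the Apstra server. The function names and the sample ruleset are constructed for illustration; outbound rows (server to network devices) are not checked.

```python
import re

# Inbound TCP ports on the Apstra server, taken from the table above.
DOCUMENTED_INBOUND = {22, 80, 443} | set(range(29730, 29740))

def expand_ports(spec):
    """Expand an iptables port spec such as '443', '80,443' or '29730:29739'."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_input_chain(rules_text, documented=DOCUMENTED_INBOUND):
    """Compare `iptables -S INPUT` output with the documented inbound ports."""
    policy, accepted, broad = None, set(), []
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        proto = tok[tok.index("-p") + 1] if "-p" in tok else "all"
        if proto not in ("tcp", "all"):
            continue  # e.g. icmp or udp rules cannot open a TCP port
        m = re.search(r"--dports? (\S+)", line)
        if m:
            accepted |= expand_ports(m.group(1))
        elif "lo" not in tok and "--ctstate" not in tok:
            broad.append(line)  # accepts TCP without naming a port
    return {"default_drop": policy == "DROP", "broad_rules": broad,
            "undocumented": sorted(accepted - documented),
            "missing": sorted(documented - accepted)}

# Constructed sample ruleset (not taken from a real Apstra server).
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 29730:29735 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -j ACCEPT
"""

if __name__ == "__main__":
    print(audit_input_chain(SAMPLE_RULES))
```

On the sample, the audit reports port 8080 as undocumented, ports 29736-29739 as missing, and the source-only rule as one that accepts every TCP port from that host.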