Ports to Open
Firewall Recommendations
When configuring a firewall for your VMs, use the guidelines in the following tables.
| Application | L4 | Direction | Destination Port | Communication Type |
|---|---|---|---|---|
| HTTPS | TCP | Outbound | 443 | External (only to Juniper Mist) and Internal |
| HTTPS | TCP | Inbound | Any TCP port; one public port | External and Internal |
| SNMP | UDP | Outbound | 162 or custom | Internal |
| SNMP | UDP | Inbound | 30001, 30002, 30003 | Internal |
| SYSLOG | UDP | Outbound | 514 or custom | Internal |
| DNS | UDP | Outbound | 53 | External and Internal |
| NTP | UDP | Outbound | 123 | External and Internal |
| SSH | TCP | Inbound | 22 | Internal |

| Source | Destination | Port | Comments |
|---|---|---|---|
| <VM1-Private-IP>, <VM2-Private-IP>, <VM3-Private-IP> | Any | UDP-53, UDP-123, TCP-80, TCP-443 (Only to Juniper Mist) | Outbound rule |
| Juniper-Mist-Webhook-public-IPs | <AFR public-IP> | TCP-<public port> | Inbound rule |

| Original Source | Original Destination | Original Service | Translated Destination IP | Translated Destination Port | Translated Service |
|---|---|---|---|---|---|
| <Juniper-Mist-Webhook-public IPs> | <AFR-public-IP> | TCP-<public_port> | <VIP-Private-IP> | <private_port> (Default: 443) | Original (TCP) |