Firewall Configuration/Network Ports Required for Neverfail Continuity Engine 8.x

Follow

Summary

This Knowledge base article provides information about the ports required to be open for Neverfail Continuity Engine (CE), Engine Management Server (EMS), and the Advanced Management Client (AMC) for deployment and on-going operation. 

More Information

When firewalls are used to protect networks, you must configure them to allow traffic to pass through specific ports for Neverfail Engine installation and management. If using Windows Firewall, Engine Management Service can automatically configure the necessary ports for traffic.

Important: When installing on Windows Server 2008 R2, Microsoft Windows may change the connection type from a Private network to an Unidentified network after you have configured the firewall port to allow channel communications resulting in the previously configured firewall changes to be reset for the new network type (Unidentified).

The firewall rules must be recreated to allow traffic to pass through for the Client Connection port and the Default Channel port. Neverfail recommends that the firewall be configured to allow the Client to connect to the Client Connection port by process, nfgui.exe, rather than by a specific port. To enable Channel communications between servers, change the Network List Manager Policy so that the Neverfail Channel network is identified as a Private Network, and not the default Unidentified Network, and configure the firewall to allow traffic to pass through on Port 57348, the Default Channel port.

Neverfail CE, EMS, and AMC require specific ports to be open for communications to work correctly. For the purposes of this KB article, Neverfail CE is referred to as an Engine Cluster when it is deployed in either a Duo or Trio configuration. Each node in the cluster will need to have the ports opened on the NICs as specified below.

Continuity Engine

     

Port

Protocol

Description

Interface

Direction

9727

TCP

Web Services HTTPS Port

Principal and Channel NICs

Inbound to the server and outbound to EMS

9728

TCP

Web Services HTTP Port

Principal and Channel NICs

Inbound to the server and outbound to EMS

52267

TCP

Advanced Management Client Access Port

Principal and Channel NICs

Inbound to the server. Outbound from EMS and other designated  clients using the AMC

57348

TCP

Engine Replication / Channel Port between Cluster Nodes

Channel NICs

Inbound and Outbound

61000

TCP

SCOPE Bandwidth Measurement Port

Channel NICs

Inbound and Outbound

62000

TCP

SCOPE Communications Port between Cluster Nodes

Channel NICs

Inbound and Outbound

7

TCP

Echo Service Port

Principal NICs

Inbound to the server

53

UDP/TCP

DNS Client Lookup Port

Principal NICs

Outbound from Server

135-139

TCP

Common MS Networking Ports

Principal NICs

Inbound to the server

445

UDP/TCP

Direct TCP/IP MS Networking Access Port

Principal NICs

Inbound to the server

443

TCP

The default port that the vCenter Server system uses to listen for connections from the vSphere Client or API calls

Principal NICs

Outbound to the vCenter server

 

Engine Management Server

   

Port

Protocol

Description

Interface

Direction

9727

TCP

Web Services Port (https):

Principal NIC

Inbound to the server, and outbound to CE Clusters

9728

TCP

Web Services Port (http):

Principal NIC

Inbound to the server, and outbound to CE Clusters

52267

TCP

Advanced Management Client Access Port

Principal NIC

Outbound to CE Clusters

7

TCP

Echo Service Port

Principal NIC

Inbound to the server

445

TCP

Direct TCP/IP MS Networking Access Port

Principal NIC

Inbound to the server

135-139

TCP

 

Principal NIC

Inbound to the server

443

TCP

The default port that the vCenter Server system uses to listen for connections from the vSphere Client or API calls

Principal NIC

Outbound to the vCenter server

     

Advanced Management Client (Optional)

   

Port

Protocol

Description

Interface

Direction

52267

TCP

Advanced Management Client Access Port

Principal NIC

Outbound to CE Clusters

 

Note: Ephemeral ports will need to be open on all outbound connections. The default dynamic Ephemeral port range for Windows 2008, 2008 R2, 2012, 2012 R2, and 2016 are ports 49152 through 65535.

Applies To

Neverfail Continuity Engine v8.x

Related Information

KBID-2879

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.