| Note | ||
|---|---|---|
| ||
The NIOS UI provides a mechanism to filter the domains it sends to Cloud Data Connector. Since NIOS is sending cache logs, when configuring NIOS for use with Cloud Data Connector, make sure to configure Cloud Data Connector to exclude internal corporate and authoritative domains (*.<corp domains> or *.<Authoritative Zones>). By excluding corporate and authoritative domains, internal traffic logs will not be added. By excluding corporate and authoritative domains, internal traffic logs will not be added. For the complete list of domains to be excluded, click here.
For information, see Setting Up the NIOS Grid. |
...
The following table lists the port usage for a successful Data Connector deployment.
| IP Protocol | Port | Source | Destination |
| Description | |||
| TCP | 443 | — | csp.infoblox.com |
URLs in one JSON formatted list
| Cloud Services Portal Access (unrestricted outbound access to TCP 443) | ||||
| TCP | 443 | — | cp.noa.infoblox.com | On-Prem Host – Platform Management |
| TCP | 443 | — | app.noa.infoblox.com | On-Prem Host – Application Management |
| UDP | 123 | — | ntp.ubuntu.com | NTP Server (For OVA only. In case NTP was not provisioned and time sync is disabled.) |
| UDP | 123 | — | ubuntu.pool.ntp.org | NTP Server (Only needed if time sync with ESXi is disabled.) |
| TCP | 22 | NIOS appliance |
| Data Connector |
Open this port if you want to send data using SCP from the Infoblox NIOS appliance (if configured) to Data Connector. The NIOS UI provides a mechanism to filter the domains it sends to Cloud Data Connector. Since NIOS is sending cache logs, when configuring NIOS for use with Cloud Data Connector, make sure to configure Cloud Data Connector to exclude internal corporate and authoritative domains (*.<corp>/Authorititative). By excluding corporate and authoritative domains, internal traffic logs will not be added. Required for incoming SCP data transfer from NIOS to Data Connector when deployed as a container. When you deploy Data Connector as a container, ensure that there are no SSH processes listening on port 22. You must terminate these SSH processes for Data Connector to collect data from NIOS. |
If you deploy Data Connector as a container, ensure that |
there are no SSH processes listening on port 22. You must terminate these SSH processes for Data Connector to collect data from NIOS. | ||||
| TCP | 514 | NIOS appliance | Data Connector | Open this port if you want to send syslogs and secure syslogs for RPZ from the Infoblox NIOS appliance (if configured) to Data Connector. Note: Port 514 is an insecure port. The NIOS UI provides a mechanism to filter the domains it sends to Cloud Data Connector. Since NIOS is sending cache logs, when configuring NIOS for use with Cloud Data Connector, make sure to configure Cloud Data Connector to exclude internal corporate and authoritative domains (*.<corp>/Authoritative). By excluding corporate and authoritative domains, internal traffic logs will not be added. Required for Data Connector secure syslog for RPZ hits data. If you deploy Data Connector as a container, ensure that this port is not used by other processes. |
If you deploy Data Connector as a container, ensure that this port is not used by other processes for Data Connector to collect data from NIOS. | ||||
| TCP | 6514 | NIOS appliance | Data Connector | Open this port if you want to send syslogs and secure syslogs for RPZ from the Infoblox NIOS appliance (if configured) to Data Connector. Note: Port 6514 is a secure port. The NIOS UI provides a mechanism to filter the domains it sends to Cloud Data Connector. Since NIOS is sending cache logs, when configuring NIOS for use with Cloud Data Connector, make sure to configure Cloud Data Connector to exclude internal corporate and authoritative domains (*.<corp>/Authoritative). By excluding corporate and authoritative domains, internal traffic logs will not be added. Used for transferring syslog data from NIOS to Data container. Port 6514 is a default secure port. If you deploy Data Connector as a container, ensure that this port is not used by other processes. |
8125
If you deploy Data Connector as a container, ensure that this port is not used by other processes for Data Connector to collect data from NIOS. | ||||
| UDP | 8125 | Data Connector deployment | — | Open this port for bare-metal deployments only. This is an internal port used for communications between containers. If you deploy Data Connector as a container, ensure that this port is not used by other processes. |
If you deploy Data Connector as a container, ensure that this port is not used by other processes. | ||||
| TCP | 8126 | Data Connector deployment | — | Open this port for bare-metal deployments only. This is an internal port used for communications between containers. If you deploy Data Connector as a container, ensure that this port is not used by other processes. |
If you deploy Data Connector as a container, ensure that this port is not used by other processes. | ||||
| TCP | 50514 | Data Connector deployment | — | Open this port only for deploying the Data Connector as a container. This is an internal port used for communications between containers. If you deploy Data Connector as a container, ensure that this port is not used by other processes. If you deploy Data Connector as a container, ensure that this port is not used by other processes. |
| Note | ||
|---|---|---|
| ||
| A complete list of allowed IP addresses, subnets, and hostnames is available in a JSON file by clicking this link. |
...