Note: The NIOS UI provides a mechanism to filter the domains it sends to Cloud Data Connector. Because NIOS sends cache logs, when you configure NIOS for use with Cloud Data Connector, make sure to configure Cloud Data Connector to exclude internal corporate and authoritative domains (*.<corp domains> or *.<Authoritative Zones>). When corporate and authoritative domains are excluded, internal traffic logs are not added. For the complete list of domains to be excluded, click here. For more information, see Setting Up the NIOS Grid.
...
IP Protocol | Port | Source | Destination | Description |
---|---|---|---|---|
TCP | 443 | — | csp.infoblox.com | Cloud Services Portal Access (unrestricted outbound access to TCP 443) |
TCP | 443 | — | cp.noa.infoblox.com | On-Prem Host – Platform Management |
TCP | 443 | — | app.noa.infoblox.com | On-Prem Host – Application Management |
UDP/TCP | 53 | — | threatdefense.bloxone.infoblox.com | BloxOne Threat Defense Cloud DNS server 52.119.40.100 |
UDP | 123 | — | ntp.ubuntu.com | NTP Server (For OVA only. In case NTP was not provisioned and time sync is disabled.) |
UDP | 123 | — | ubuntu.pool.ntp.org | NTP Server (Only needed if time sync with ESXi is disabled.) |
TCP | 22 | NIOS appliance | Data Connector | Open this port if you want to send data using SCP from the Infoblox NIOS appliance (if configured) to Data Connector. Required for incoming SCP data transfer from NIOS to Data Connector when deployed as a container. If you deploy Data Connector as a container, ensure that there are no SSH processes listening on port 22. You must terminate these SSH processes for Data Connector to collect data from NIOS. |
TCP | 514 | NIOS appliance | Data Connector | Open this port if you want to send syslogs and secure syslogs for RPZ from the Infoblox NIOS appliance (if configured) to Data Connector. Note: Port 514 is an insecure port. Required for Data Connector secure syslog for RPZ hits data. If you deploy Data Connector as a container, ensure that this port is not used by other processes so that Data Connector can collect data from NIOS. |
TCP | 6514 | NIOS appliance | Data Connector | Open this port if you want to send syslogs and secure syslogs for RPZ from the Infoblox NIOS appliance (if configured) to Data Connector. Note: Port 6514 is a default secure port. Used for transferring syslog data from NIOS to Data container. If you deploy Data Connector as a container, ensure that this port is not used by other processes so that Data Connector can collect data from NIOS. |
Data Connector Deployment | ||||
---|---|---|---|---|
IP Protocol | Port | Source | Destination (Reserved for BloxOne Services only) | Description |
UDP | 8125 | Data Connector deployment | This port is reserved for use by BloxOne services. Do not use this port. | This port is for bare-metal deployments only. This is an internal port used for communications between containers. |
TCP | 8126 | Data Connector deployment | This port is reserved for use by BloxOne services. Do not use this port. | This port is for bare-metal deployments only. This is an internal port used for communications between containers. |
TCP | 50514 | Data Connector deployment | This port is reserved for use by BloxOne services. Do not use this port. | This port is for bare-metal deployments only. This is an internal port used for communications between containers. |
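
A pre-deployment check for the listener requirements in the tables above, as an added example that is not Infoblox code: it parses `ss` output and reports any process already bound to a port that Data Connector needs (TCP 22, 514, 6514) or that is reserved for BloxOne services (UDP 8125, TCP 8126, TCP 50514). The function names and the sample `ss` lines are constructed for illustration, and the check assumes it runs on the host before Data Connector is deployed.

```shell
#!/bin/sh
# Added example: pre-deployment listener check for a Data Connector host.
# Ports come from the tables above; protocol matters (only TCP 514 is listed).
DC_PORTS="tcp/22 tcp/514 tcp/6514 udp/8125 tcp/8126 tcp/50514"

# Reads `ss -H -tulnp` output on stdin; prints "proto/port process" once for
# each listener that occupies a port Data Connector needs or BloxOne reserves.
find_port_conflicts() {
    awk -v want="$DC_PORTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        {
            port = $5                    # local address:port column
            sub(/.*:/, "", port)         # 0.0.0.0:22, [::]:22, 127.0.0.53%lo:53
            key = $1 "/" port            # $1 is the Netid column (tcp or udp)
            if (!(key in need) || (key in seen)) next
            seen[key] = 1                # report IPv4/IPv6 duplicates once
            proc = "unknown"             # process column is only shown to root
            if (match($0, /users:\(\("[^"]+/))
                proc = substr($0, RSTART + 9, RLENGTH - 9)
            print key, proc
        }'
}

# Constructed sample of `ss -H -tulnp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=610,fd=13))
udp UNCONN 0 0 0.0.0.0:514 0.0.0.0:* users:(("rsyslogd",pid=702,fd=6))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
tcp LISTEN 0 25 0.0.0.0:514 0.0.0.0:* users:(("rsyslogd",pid=702,fd=8))
tcp LISTEN 0 4096 127.0.0.1:8080 0.0.0.0:* users:(("python3",pid=1500,fd=5))
EOF
}

# Live use on the host (run as root so process names are visible):
#   ss -H -tulnp | find_port_conflicts
sample_ss_output | find_port_conflicts
```

An empty result means none of the listed ports is occupied; the UDP 514 listener in the sample is not reported because the table lists only TCP 514.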
Note: A complete list of allowed IP addresses, subnets, and hostnames is available in a JSON file by clicking this link.
...