
Advisory

The NIOS UI provides a mechanism to filter the domains it sends to Cloud Data Connector. Since NIOS is sending cache logs, when configuring NIOS for use with Cloud Data Connector, make sure to configure Cloud Data Connector to exclude internal corporate and authoritative domains (*.<corp domains> or *.<Authoritative Zones>). By excluding corporate and authoritative domains, internal traffic logs will not be added. For the complete list of domains to be excluded, click here.

For more information, see Setting Up the NIOS Grid.

Source Configurations for Data Connector Deployment

The following table lists the port usage source configurations for a successful Data Connector deployment.

| IP Protocol | Port | Source | IPs and URLs | Description |
|---|---|---|---|---|
| TCP | 22 | From NIOS appliance to Data Connector | | If you deploy Data Connector as a container, ensure that there are no SSH processes listening on port 22. You must terminate these SSH processes for Data Connector to collect data from NIOS. Open this port if you want to send data using SCP from the Infoblox NIOS appliance (if configured) to Data Connector. |
| TCP | 514 | From NIOS appliance to Data Connector | | If you deploy Data Connector as a container, ensure that this port is not used by other processes for Data Connector to collect data from NIOS. Open this port if you want to send syslogs and secure syslogs for RPZ from the Infoblox NIOS appliance (if configured) to Data Connector. Note: Port 514 is an insecure port. |
| TCP | 6514 | From NIOS appliance to Data Connector | | If you deploy Data Connector as a container, ensure that this port is not used by other processes for Data Connector to collect data from NIOS. Open this port if you want to send syslogs and secure syslogs for RPZ from the Infoblox NIOS appliance (if configured) to Data Connector. Note: Port 6514 is a secure port. |

For each of these ports: The NIOS UI provides a mechanism to filter the domains it sends to Cloud Data Connector. Since NIOS is sending cache logs, when configuring NIOS for use with Cloud Data Connector, make sure to configure Cloud Data Connector to exclude internal corporate and authoritative domains (*.<corp>/Authoritative). By excluding corporate and authoritative domains, internal traffic logs will not be added.


Destination Configurations for Data Connector Deployment

The following table lists the port usage destination configurations for a successful Data Connector deployment.

| IP Protocol | Port | Destination | IPs and URLs | Description |
|---|---|---|---|---|
| TCP | 443 | csp.infoblox.com | IPs in one JSON formatted list; URLs in one JSON formatted list | Cloud Services Portal Access (unrestricted outbound access to TCP 443) |
| TCP | 443 | cp.noa.infoblox.com | | On-Prem Host – Platform Management |
| TCP | 443 | app.noa.infoblox.com | | On-Prem Host – Application Management |
| UDP/TCP | 53 | threatdefense.bloxone.infoblox.com | 52.119.40.100, 103.80.5.100 | BloxOne Threat Defense Cloud DNS server |
| UDP | 123 | ntp.ubuntu.com | | NTP Server (For OVA only. In case NTP was not provisioned and time sync is disabled.) |
| UDP | 123 | ubuntu.pool.ntp.org | | NTP Server (Only needed if time sync with ESXi is disabled.) |
| UDP | 8125 | Data Connector deployment | | If you deploy Data Connector as a container, ensure that this port is not used by other processes. Open this port for bare-metal deployments only. |
| TCP | 8126 | Data Connector deployment | | If you deploy Data Connector as a container, ensure that this port is not used by other processes. Open this port for bare-metal deployments only. |
| TCP | 50514 | Data Connector deployment | | If you deploy Data Connector as a container, ensure that this port is not used by other processes. Open this port only for deploying the Data Connector as a container. |

Note

A complete list of allowed IP addresses, subnets, and hostnames is available in a JSON file by clicking this link.

Note

Infoblox recommends that connectivity from the on-prem hosts and services have unrestricted outbound access to the Internet on port 443. This will allow for fewer changes in the future when we change or expand services. For more deployment information, see Best Practices for Deploying On-Prem Hosts.
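A preflight check for the "port is not used by other processes" requirement in the tables above, added here as an example (it is not Infoblox code): it reads `ss -H -tulnp` output and reports any listener already holding a port that Data Connector needs on a container host. The names `find_conflicts` and `sample_ss_output` and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Infoblox code. Ports taken from the two tables above.
DC_PORTS="tcp/22 tcp/514 tcp/6514 udp/8125 tcp/8126 tcp/50514"

# Read `ss -H -tulnp` output on stdin; print "proto/port process" once per
# occupied Data Connector port. Prints nothing when all ports are free.
find_conflicts() {
    awk -v want="$DC_PORTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        {
            addr = $5                    # Local Address:Port column
            sub(/.*:/, "", addr)         # keep the port after the last colon
            key = $1 "/" addr            # $1 is the Netid column: tcp or udp
            if ((key in need) && !(key in seen)) {
                seen[key] = 1
                # Process column is empty when ss runs without root
                print key, ($7 != "" ? $7 : "unknown-process")
            }
        }'
}

# Constructed sample of `ss -H -tulnp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=601,fd=13))
tcp LISTEN 0 25 0.0.0.0:514 0.0.0.0:* users:(("rsyslogd",pid=700,fd=6))
tcp LISTEN 0 128 127.0.0.1:8125 0.0.0.0:*
EOF
}

# Default: run on the sample. Pass --live on the container host (as root, so
# process names are shown) to check the real listeners.
if [ "${1:-}" = "--live" ]; then
    ss -H -tulnp | find_conflicts
else
    sample_ss_output | find_conflicts
fi
```

On the sample, the sshd listener on TCP 22 and the rsyslogd listener on TCP 514 are reported once each; the TCP listener on 8125 is not, because the table lists 8125 as UDP.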