Network Configuration
Network security and configuration requirements vary greatly by use case. You need a security group in each VPC where vNIOS is deployed that permits the management and service traffic the appliance uses. The following table lists the most common inbound rules needed for Infoblox vNIOS for AWS appliances:
| Type | Protocol | Port Range | Purpose |
|---|---|---|---|
| SSH | TCP | 22 | CLI access for appliance administration |
| HTTPS | TCP | 443 | Grid Manager GUI access |
| Custom UDP Rule | UDP | 1194 | NIOS Grid Traffic (VPN) |
| Custom UDP Rule | UDP | 2114 | NIOS Grid Traffic (key exchange) |
| DNS (UDP) | UDP | 53 | UDP DNS |
| DNS (TCP) | TCP | 53 | TCP DNS |
| Custom UDP Rule | UDP | 67-68 | DHCP |
| Custom TCP Rule | TCP | 8787 | Infoblox AWS API Proxy |
The following table lists additional rules used when deploying the TR-V5005 reporting appliance:
| Type | Protocol | Port Range | Purpose |
|---|---|---|---|
| Custom TCP Rule | TCP | 7089 | Distributed search |
| Custom TCP Rule | TCP | 7887 | Reporting peer replication |
| Custom TCP Rule | TCP | 9997 | Reporting forwarders |
| Custom TCP Rule | TCP | 8000 | Reporting management |
| Custom TCP Rule | TCP | 8089 | Reporting management |
| Custom TCP Rule | TCP | 9185 | Splunk REST API |
| Custom TCP Rule | TCP | 7000 | WebUI (Master, Indexer) |
Infoblox recommends allowing only the traffic required for the management functions and services you actually use. Each rule should be as restrictive as possible about where source traffic is allowed from: for example, SSH and Grid Manager GUI access (TCP 22 and 443) only from your administrative network, the grid VPN and key-exchange ports (UDP 1194 and 2114) only from the address ranges of other grid members, and DNS and DHCP only from the client networks the appliance serves. Opening management ports to 0.0.0.0/0 exposes the appliance's administrative interfaces to the whole Internet and should be avoided. For further detail on ports and protocols used by Infoblox NIOS, refer to https://docs.infoblox.com/space/nios90/280274166/Configuring+Ethernet+Ports.
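The following script is an added example and is not Infoblox code. It encodes both rule tables above as a security-group ingress list in the `IpPermissions` shape that `aws ec2 authorize-security-group-ingress --ip-permissions` and boto3's `authorize_security_group_ingress` accept, assigns each rule the narrowest source appropriate for its purpose, and runs a check that flags any management port exposed wider than a /16. The source CIDRs (`ADMIN_CIDR`, `GRID_CIDR`, `CLIENT_CIDR`), the choice of which ports count as management ports, and the /16 threshold are assumptions for illustration and must be replaced with the ranges and policy that apply to your deployment.

```python
"""Assemble a least-privilege security-group ingress list for Infoblox vNIOS on AWS.

Added example, not Infoblox code. The source CIDRs below are constructed
placeholders; replace them with the ranges that actually need access.
"""
import json
from ipaddress import ip_network

# Constructed (hypothetical) source ranges.
ADMIN_CIDR = "10.10.0.0/24"   # admin workstations / bastion: SSH, Grid Manager GUI
GRID_CIDR = "10.10.0.0/16"    # other grid members: VPN, key exchange, reporting peers
CLIENT_CIDR = "10.0.0.0/8"    # DNS/DHCP clients served by the appliance
ANYWHERE = "0.0.0.0/0"

# Ports that only administrators or the grid itself should ever reach (assumption).
MGMT_PORTS = {22, 443, 1194, 2114, 8787, 8000, 8089, 7000}

# Rules from the vNIOS table: (protocol, from_port, to_port, purpose, source)
VNIOS_RULES = [
    ("tcp", 22, 22, "CLI access for appliance administration", ADMIN_CIDR),
    ("tcp", 443, 443, "Grid Manager GUI access", ADMIN_CIDR),
    ("udp", 1194, 1194, "NIOS Grid Traffic (VPN)", GRID_CIDR),
    ("udp", 2114, 2114, "NIOS Grid Traffic (key exchange)", GRID_CIDR),
    ("udp", 53, 53, "UDP DNS", CLIENT_CIDR),
    ("tcp", 53, 53, "TCP DNS", CLIENT_CIDR),
    ("udp", 67, 68, "DHCP", CLIENT_CIDR),
    ("tcp", 8787, 8787, "Infoblox AWS API Proxy", GRID_CIDR),
]

# Additional rules from the TR-V5005 reporting appliance table.
REPORTING_RULES = [
    ("tcp", 7089, 7089, "Distributed search", GRID_CIDR),
    ("tcp", 7887, 7887, "Reporting peer replication", GRID_CIDR),
    ("tcp", 9997, 9997, "Reporting forwarders", GRID_CIDR),
    ("tcp", 8000, 8000, "Reporting management", ADMIN_CIDR),
    ("tcp", 8089, 8089, "Reporting management", ADMIN_CIDR),
    ("tcp", 9185, 9185, "Splunk REST API", GRID_CIDR),
    ("tcp", 7000, 7000, "WebUI (Master, Indexer)", ADMIN_CIDR),
]


def ip_permission(proto, from_port, to_port, purpose, source):
    """One entry in the IpPermissions list used by authorize-security-group-ingress."""
    ip_network(source)  # raises ValueError on a malformed CIDR before it reaches AWS
    return {
        "IpProtocol": proto,
        "FromPort": from_port,
        "ToPort": to_port,
        "IpRanges": [{"CidrIp": source, "Description": purpose}],
    }


def build_permissions(rules):
    """Convert (proto, from, to, purpose, source) tuples into IpPermissions entries."""
    return [ip_permission(*rule) for rule in rules]


def find_overbroad(permissions, max_prefix=16):
    """Return (from_port, cidr) pairs where a management port is reachable from a
    source wider than /max_prefix. 0.0.0.0/0 is the usual offender."""
    findings = []
    for perm in permissions:
        ports = set(range(perm["FromPort"], perm["ToPort"] + 1))
        if not ports & MGMT_PORTS:
            continue  # service ports (DNS, DHCP, forwarders) may legitimately be wide
        for rng in perm["IpRanges"]:
            if ip_network(rng["CidrIp"]).prefixlen < max_prefix:
                findings.append((perm["FromPort"], rng["CidrIp"]))
    return findings


if __name__ == "__main__":
    perms = build_permissions(VNIOS_RULES + REPORTING_RULES)
    problems = find_overbroad(perms)
    if problems:
        raise SystemExit(f"management ports exposed too widely: {problems}")
    # Save as a file and pass it with --ip-permissions file://rules.json
    print(json.dumps(perms, indent=2))
```

The script only emits JSON; nothing is applied to AWS until you pass the output to the CLI or boto3 yourself, which keeps the review step separate from the change. Running `find_overbroad` over a rule set that uses `ANYWHERE` as the source for port 443 returns `[(443, "0.0.0.0/0")]`, whereas the same source on UDP 53 is not flagged, matching the distinction above between management and client-facing service ports.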