On-Prem Ports & Firewall Configuration
It is assumed that there are no port restrictions on communications between nodes.
Outbound
The follow outbound ports/paths need to to be allowed in most configurations
| Purpose | Destination Address | Destination Port | Protocol | Service |
|---|---|---|---|---|
| Software & license install *1 | *.kloudspot.com | 443 | TCP | HTTPS |
| Docker images *1 | https://docker.io, https://registry.k8s.io, https://quay.io | 443 | TCP | HTTPS |
| Network Time | *.ntp.org | 123 | UDP | NNTP |
| Cisco WLC access (if required) | 16113 | TCP |
*1 : The installation can be configured to get these images from docker.kloudspot.com or they can be sideloaded. See here for details
Inbound
Single Node
The following inbound ports need to be allowed if the function is required
| Port | Usage | Optional |
|---|---|---|
| 30003/UDP | Aruba RTLS | yes |
| 30004/UDP | Aeroscout | yes |
| 30002/TCP | Meraki MV Sense MQTT | yes |
| 30005/UDP | Huawei | yes |
| 30006/UDP | Huawei BLE | yes |
Cluster
| Port | Usage | Optional |
|---|---|---|
| 3333/UDP | Aruba RTLS | yes |
| 5555/UDP | Aeroscout | yes |
| 6666/TCP | Meraki MV Sense MQTT | yes |
| 7777/UDP | Huawei | yes |
| 7778/UDP | Huawei BLE | yes |