Setting Accesser node inbound rules

The Accesser® Node is the D/L IP for each rule.

Table 1. Accesser Node inbound rules
| Rule | Action | Protocol | D/L port | S/R IP | S/R port | Description |
|------|--------|----------|----------|--------|----------|-------------|
| 1 | Allow | TCP | 80 | HTTP-SO/NO clients | Any | HTTP object interface to Vaults |
| 2 | Allow | TCP | 443 | HTTP-SO/NO clients | Any | HTTPS object interface to Vaults |
| 3 | Allow | TCP | 8443 | HTTP-SO/NO clients | Any | |
| 4 | Allow | TCP | 22 | Admin clients | Any | SSH for administrative CLI |
| 5 | Allow | TCP | 8088 | Manager Node | Any | Appliance management protocol |
| 6 | Allow | TCP | 8192 | Admin clients | Any | Stats API on HTTP |
| 7 | Allow | TCP | 8193 | Admin clients | Any | Stats API on HTTPS |
| 8 | Allow | UDP | 123 | Manager Node | 123 | NTP protocol |
| 9 | Allow | UDP | Any | External DNS server | 53 | DNS protocol |
| 10 | Allow | TCP | 8337, 8338 | User Clients | Any | REST API endpoint for container vaults |
| 11 | Allow | ICMP | NA | Any IBM® Cloud Object Storage System node; Admin clients | NA | |
| 12 | Allow | UDP, TCP | 161 | SNMP-based monitoring application | Any | SNMP endpoint for GET requests |

The Accesser Node periodically receives ICMP replies from the Manager Node. The Accesser Node must receive ICMP requests from the Manager Node.
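The following added example (not part of the original documentation or of any IBM tooling) encodes Table 1 as an allowlist and reports observed inbound flows to an Accesser Node that no rule permits, which is useful when reviewing firewall or flow logs. The address plan, the group names, the sample flows, and the choice to treat "HTTP-SO/NO clients" and "User Clients" as one group are assumptions made for illustration.

```python
import ipaddress

# Constructed address plan (assumption): replace with your own networks.
GROUPS = {
    "clients": ["10.10.0.0/16"],   # HTTP-SO/NO clients and User Clients
    "admin":   ["10.20.0.0/24"],   # Admin clients
    "manager": ["10.30.0.5/32"],   # Manager Node
    "dns":     ["10.30.0.53/32"],  # External DNS server
    "snmp":    ["10.20.1.10/32"],  # SNMP-based monitoring application
    "cos":     ["10.30.0.0/24"],   # Any IBM Cloud Object Storage System node
}
ANY = None
# (rule, protocols, D/L ports, S/R groups, S/R port) transcribed from Table 1.
RULES = [
    (1, {"tcp"}, {80}, {"clients"}, ANY),
    (2, {"tcp"}, {443}, {"clients"}, ANY),
    (3, {"tcp"}, {8443}, {"clients"}, ANY),
    (4, {"tcp"}, {22}, {"admin"}, ANY),
    (5, {"tcp"}, {8088}, {"manager"}, ANY),
    (6, {"tcp"}, {8192}, {"admin"}, ANY),
    (7, {"tcp"}, {8193}, {"admin"}, ANY),
    (8, {"udp"}, {123}, {"manager"}, 123),
    (9, {"udp"}, ANY, {"dns"}, 53),
    (10, {"tcp"}, {8337, 8338}, {"clients"}, ANY),
    (11, {"icmp"}, ANY, {"cos", "admin"}, ANY),
    (12, {"udp", "tcp"}, {161}, {"snmp"}, ANY),
]

def groups_for(ip):
    """Return every group whose networks contain the source address."""
    addr = ipaddress.ip_address(ip)
    return {g for g, nets in GROUPS.items()
            if any(addr in ipaddress.ip_network(n) for n in nets)}

def matching_rule(proto, src_ip, sport=None, dport=None):
    """Return the Table 1 rule number that allows the flow, or None."""
    src = groups_for(src_ip)
    for num, protos, dports, groups, rule_sport in RULES:
        if (proto in protos and src & groups
                and (dports is ANY or dport in dports)
                and (rule_sport is ANY or sport == rule_sport)):
            return num
    return None

# Constructed flows: (protocol, source IP, source port, destination port).
SAMPLE = [("tcp", "10.10.4.7", 51000, 443), ("tcp", "10.10.4.7", 51000, 22),
          ("udp", "10.30.0.53", 53, 40000), ("icmp", "10.30.0.5", None, None)]

def unexpected(flows):
    """Flows to the Accesser Node that no rule in Table 1 allows."""
    return [f for f in flows if matching_rule(*f) is None]
```

In the sample, only the client connection to TCP 22 is reported, because Table 1 allows SSH from admin clients only.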