Firewall enabled ports for clustered OVA deployments
In a clustered OVA deployment of API Connect, specific ports must be configured for communication between members of each API Connect subsystem.
OVA deployments require the common ports listed in Firewall requirements on Kubernetes. When the VMs are clustered, additional ports are used for communication between the members of the subsystems in the cluster.
All ports must be enabled inbound and outbound.
| Subsystem | Ports |
|---|---|
| Ports that must be open between all subsystem VMs | 442, 2379, 2380, 6443, 6444, 9099, 10248, 10249, 10250,10251, 10252, 10254, 10256, 10257,
10259 These are ports that must be open between all servers within a given subsystem. For example, from management server to management server, or from portal server to portal server, or from analytics server to analytics server. These ports are not used for communication between subsystems. You might need additional TCP ports for Kubernetes-proxied services. The default
range is |
| Additional ports that must be open between Management Service VMs | 7001, 7199, 8778, 9042 |
| Additional ports that must be open between Developer Portal VMs | 3009, 3010, 3306, 3307, 4443, 4444, 4567, 4568, 30865 |
| Additional ports that must be open between Gateway Service VMs | 16380, 16381, 26380, 26381 |
| Additional ports that must be open between Analytics VMs | No additional ports are needed. |
These internal ports are not used for communication between VMs. Ensure that they are open on the VM server locally.
| Subsystem | Ports |
|---|---|
| Reserved local ports on all subsystem VMs | 8080, 30000:59999 |
| Management Service VMs | 2000, 2001, 3003, 3004, 3006, 3007, 8084, 8404, 8443 |
| Portal Service VMs | 3058, 3059, 3060, 3061 |
| Analytics VMs | 4443, 9200, 9300 |