Overview
Information about securing the disaster recovery setup.
If you are using disaster recovery in your production environment, use the firewall and security policies that secure your disaster recovery setup. Open the ports given in the table to ensure that Catalyst Center has the access it requires to set up disaster recovery across your network's data centers.
For three-node clusters, ensure that you allow the source Enterprise IP address of each node.
| Source port | Source | Destination port | Destination | Description |
|---|---|---|---|---|
| Any | Catalyst Center Enterprise IP/VIP | TCP 443 | Catalyst Center Enterprise VIP | REST API Access |
| Any | Catalyst Center Enterprise IP/VIP | UDP 500 | Catalyst Center Enterprise VIP | IPSec tunnel |
| Any | Catalyst Center Enterprise IP/VIP | TCP 873 | Catalyst Center Enterprise VIP | Replication of GlusterFS data through rsync |
| Any | Catalyst Center Enterprise IP/VIP | UDP 4500 | Catalyst Center Enterprise VIP | IPSec tunnel |
| Any | Catalyst Center Enterprise IP/VIP | TCP 8300 | Catalyst Center Enterprise VIP | Consul RPC communication |
| Any | Catalyst Center Enterprise IP/VIP | TCP 8301 | Catalyst Center Enterprise VIP | Consul SERF LAN port |
| Any | Catalyst Center Enterprise IP/VIP | UDP 8301 | Catalyst Center Enterprise VIP | Consul SERF LAN port |
| Any | Catalyst Center Enterprise IP/VIP | TCP 8302 | Catalyst Center Enterprise VIP | Consul SERF WAN port¹ |
| Any | Catalyst Center Enterprise IP/VIP | UDP 8302 | Catalyst Center Enterprise VIP | Consul SERF WAN port¹ |
| Any | Catalyst Center Enterprise IP/VIP | TCP 8443 | Catalyst Center Enterprise VIP | HA proxy API access² |
| Any | Catalyst Center Enterprise IP/VIP | UDP 500 | Witness IP | IPSec tunnel |
| Any | Catalyst Center Enterprise IP/VIP | TCP 2222 | Witness IP | TCP ping for witness reachability |
| Any | Catalyst Center Enterprise IP/VIP | UDP 4500 | Witness IP | IPSec tunnel |
| Any | Catalyst Center Enterprise IP/VIP | TCP 8300 | Witness IP | Consul RPC communication |
| Any | Catalyst Center Enterprise IP/VIP | TCP 8301 | Witness IP | Consul SERF LAN port |
| Any | Catalyst Center Enterprise IP/VIP | UDP 8301 | Witness IP | Consul SERF LAN port |
| Any | Catalyst Center Enterprise IP/VIP | TCP 8302 | Witness IP | Consul SERF WAN port¹ |
| Any | Catalyst Center Enterprise IP/VIP | UDP 8302 | Witness IP | Consul SERF WAN port¹ |
| Any | Catalyst Center Enterprise IP/VIP | TCP 8443 | Witness IP | HA proxy API access² |
| Any | Catalyst Center Enterprise/Management VIP | TCP 179 | Neighbor router | BGP session with neighbor router |
| Any | Witness IP | UDP 53 | DNS Server | From witness to DNS server |
| Any | Witness IP | UDP 123 | NTP Server | From witness to NTP server |
| Any | Witness IP | TCP 443 | Catalyst Center Enterprise VIP | Access APIs during disaster recovery registration |
| Any | Witness IP | UDP 500 | Catalyst Center Enterprise VIP | IPSec tunnel |
| Any | Witness IP | UDP 4500 | Catalyst Center Enterprise VIP | IPSec tunnel |
| Any | Witness IP | TCP 8300 | Catalyst Center Enterprise VIP | Consul RPC communication |
| Any | Witness IP | TCP 8301 | Catalyst Center Enterprise VIP | Consul SERF LAN port |
| Any | Witness IP | UDP 8301 | Catalyst Center Enterprise VIP | Consul SERF LAN port |
| Any | Witness IP | TCP 8302 | Catalyst Center Enterprise VIP | Consul SERF WAN port¹ |
| Any | Witness IP | UDP 8302 | Catalyst Center Enterprise VIP | Consul SERF WAN port¹ |
| Any | Witness IP | TCP 8443 | Catalyst Center Enterprise VIP | HA proxy API access² |
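The table above read as an explicit allow list, as an added example that is not part of the Cisco documentation: it encodes each (source, destination, protocol, port) row, expands the source side for a three-node cluster so that every node's Enterprise IP is a permitted source, and audits candidate flows against the list. All addresses are constructed placeholders.

```python
"""Added example, not part of the Cisco documentation: encode the disaster
recovery port table as an allow list, expand it for a three-node cluster (each
node's Enterprise IP is a valid source) and audit flows. Addresses are constructed."""
from ipaddress import ip_address

IPSEC = {("udp", 500), ("udp", 4500)}
CONSUL = {("tcp", 8300), ("tcp", 8301), ("udp", 8301), ("tcp", 8302), ("udp", 8302)}
HAPROXY = {("tcp", 8443)}

# (source role, destination role) -> allowed (protocol, destination port) pairs, one per table row.
ALLOW = {
    ("enterprise", "enterprise_vip"): {("tcp", 443), ("tcp", 873)} | IPSEC | CONSUL | HAPROXY,
    ("enterprise", "witness"): {("tcp", 2222)} | IPSEC | CONSUL | HAPROXY,
    ("vip", "router"): {("tcp", 179)},                 # BGP from Enterprise or Management VIP only
    ("witness", "enterprise_vip"): {("tcp", 443)} | IPSEC | CONSUL | HAPROXY,
    ("witness", "dns"): {("udp", 53)},
    ("witness", "ntp"): {("udp", 123)},
}

SITE = {  # constructed placeholder addresses (RFC 5737 ranges); keys double as destination roles
    "enterprise_vip": ["198.51.100.10"],
    "enterprise_node": ["198.51.100.11", "198.51.100.12", "198.51.100.13"],
    "management_vip": ["192.0.2.10"], "witness": ["203.0.113.5"],
    "router": ["198.51.100.1"], "dns": ["198.51.100.53"], "ntp": ["198.51.100.123"],
}
# Source roles an address kind may act as: node IPs and the Enterprise VIP share the table's "Enterprise IP/VIP" source.
SOURCE_ROLES = {"enterprise_vip": ("enterprise", "vip"), "enterprise_node": ("enterprise",),
                "management_vip": ("vip",), "witness": ("witness",)}

def is_allowed(src, dst, proto, port, site=SITE):
    """True when some (source role, destination role) row of the table permits proto/port."""
    src, dst = str(ip_address(src)), str(ip_address(dst))  # validate and normalise the addresses
    roles = {r for kind, ips in site.items() if src in ips for r in SOURCE_ROLES.get(kind, ())}
    dst_role = next((kind for kind, ips in site.items() if dst in ips), None)
    return any((proto.lower(), int(port)) in ALLOW.get((r, dst_role), ()) for r in roles)

def audit(flows, site=SITE):
    """Return the flows the table does not cover: candidates to block or investigate."""
    return [f for f in flows if not is_allowed(*f, site=site)]

if __name__ == "__main__":
    sample = [  # constructed flows: (source, destination, protocol, destination port)
        ("198.51.100.12", "198.51.100.10", "tcp", 873),   # node -> Enterprise VIP rsync: allowed
        ("203.0.113.5", "198.51.100.10", "tcp", 873),     # witness -> Enterprise VIP rsync: no such row
        ("198.51.100.11", "203.0.113.5", "tcp", 22),      # node -> witness SSH: no such row
        ("192.0.2.10", "198.51.100.1", "tcp", 179),       # Management VIP -> router BGP: allowed
    ]
    for flow in audit(sample):
        print("not covered by the DR port table:", flow)
```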