On This Page
Remote Collector Ports
-
All nodes refer to a single remote cluster.
-
The port refers to the destination node.
-
All node-to-node traffic within the cluster and all central-remote cluster connectivity is encrypted.
For more information, see TOS Architecture.
| Source | Destination | Service / Port | Description |
|---|---|---|---|
| Administrator's PC |
Any node (physical IP) |
SSH <TCP 22> |
Mandatory Used for system maintenance |
|
Any node (physical IP) |
Any node (physical IP) |
TCP <TCP 7472> |
Required for all deployments except Azure/AWS/GCP Used by MetalLB speaker |
|
Any node (physical IP) |
Any node (physical IP) |
UCP <UDP 323> |
Mandatory Used for Chrony |
|
Any node (physical IP) |
DNS Server |
DNS <UDP 53> |
Mandatory Used for domain lookups |
|
Any node (physical IP) |
NTP Server |
NTP <UDP 123> |
Required if NTP is used for network time synchronization |
|
Any node (physical IP) |
Syslog Server |
Syslog <UDP 514> (default) or alternative port as configured |
Required if you configure notifications via syslog. |
| Administrator's PC |
RMM interfaces on all Tufin Appliances |
Web GUI <TCP 80> or <TCP 443> (SSL certificate upload available) Unencrypted: KVM <TCP 7578> CDROM <TCP 5120> USB <TCP 5123> Encrypted (AES/RC4/Stunnel): KVM <TCP 7582> CDROM <TCP 5124> USB <TCP 5127> |
Required for Tufin appliances only. Used for remote management module (RMM) network card address. See also: Configuring RMM for Gen 4 |
|
Any node (physical IP) |
Any node (physical IP) |
UDP 51820 | Mandatory K3s server and agent nodes required by Wireguard |
|
Any node (physical IP) |
Any node (physical IP) |
HTTPS <TCP 2379-2381> | Mandatory Etcd server communication |
|
Any node (physical IP) |
Any node (physical IP) |
HTTPS <TCP 6443-6444> |
Mandatory Kubernetes API Server |
|
Any node (physical IP) |
Any node (physical IP) |
Application Specific <TCP/UDP 30000-32767> |
Mandatory Kubernetes internal service range |
|
Any node (physical IP) |
Any node (physical IP) |
HTTPS <TCP 10248-10252,10255, 10256> |
Mandatory Kubernetes components |
|
Any node (physical IP) |
Any node (physical IP) |
HTTPS <TCP 32500> |
Mandatory Docker registry |
|
Any node (physical IP) |
Any node (physical IP) |
HTTPS <TCP 9100> |
Mandatory Kubernetes node-exporter |
|
Any node (physical IP) |
Any node (physical IP) |
HTTPS <TCP 8080> |
Required for adding and removing nodes from the cluster |
|
Remote Collector cluster nodes network IPs |
Central Cluster primary VIP |
HTTPS <TCP 443, 8443, 61617, 8422, 9090> For high availability, additionally: HTTPS <TCP 8423, 8424> |
Required for connecting remote collector clusters Allows central cluster to receive data from remote collector cluster |
|
Remote Collector cluster nodes network IPs |
|
HTTPS <TCP 31443, 31617, 31843,31422, 31090> For high availability, additionally: HTTPS <TCP 31423, 31424> |
Required for connecting remote collector clusters Allows central cluster to receive data from remote collector cluster For a Central Cluster deployed on the cloud |
|
All Central Cluster Nodes Network IPs |
Remote collector cluster Primary VIP |
HTTPS <TCP 8443> |
Mandatory Allows remote collector cluster to receive data from central cluster |
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague