Frontend (public) network:
Ports to allow:
ICMP – ping (for support troubleshooting)
All TCP/UDP ports
Backend (private) Network:
IP block: your private IP block for server to server communications (10.X.X.X/X)
Ports to allow:
ICMP – ping (for support troubleshooting)
All TCP/UDP ports
Service Network: (on backend/private network)
ICMP – ping (for support troubleshooting)
161/TCP – SNMP (server metrics)
161/UDP – SNMP (server metrics)
623/TCP – IPMI (server control)
623/UDP – IPMI (server control)
3389/TCP – Terminal services (for support access)
22/TCP – SSH (for support access) If you run SSH on a different port please allow that port instead.
SSL VPN network: (on backend/private network)
IP block: 10.1.0.0/16 (255.255.0.0) – dynamic IP range of the VPN users
ICMP – ping (for support troubleshooting)
All TCP/UDP ports (for access from your local workstation)
Most Popular Articles
Can I load balance servers that are behind a firewall?
Yes, in proxy mode your servers can live anywhere and as long as you can get to the real port you...
Hardware Firewall configuration
A Hardware Firewall is a network device that is connected upstream from a server. The Firewall...
How do I enable/disable my Iptables firewall?
To start IP tables on your RedHat server,# service iptables startYou can run the following...
Brute Force Detection
BFD -- Brute Force Detection BFD is a shell script which parses security logs and detects...
Configure APF Firewall
A firewall is a very good idea for a server. Though many people think that a firewall is...