Firewall port requirement for VVR and GCO
Here I have the list of firewall port requirement for GCO
https://sort.symantec.com/public/documents/sfha/6.0.1/aix/productguides/html/vcs_install/apas01.htm
we are using 4 IP's at one site and each of the will be from same subnet .
physical IP- 192.168.1.xxx.
Cluster IP-192.168.1.xxx.
App IP-192.168.1.xxx.
VVR IP.-192.168.1.xxx.
This is for primary site and DR site will different subnet and IP.
my question is what are the ports to be open on firewall against physical IP,Cluster IP,APP IP etc.
since our last project we faced some issues and we enabled all required ports against all IP's.
Thank you
J0my
Hi Jomy,
Windows TCP/IP stack can be a little strange how it tags outbound packets when mulitple IPs are concerned. If you are working with a system with a single IP then all outbound packets are tagged as coming from that 1 IP. However, when you are working with a system with multiple IPs, all outbound packets are still only tagged as coming from a single IP. In a cluster situation where IPs are added and removed the outbound packets can be tagged with a different IP depending on what virtual IPs on online/offline on the node. Because of this changing of the outbound packet source IP, firewalls for Windows servers typically need to have all ports open for all available IPs (phyical and virtual) that can run in the cluster.
I know that it is a little messy. You can actually do calulations on the IP to determine how Windows will respond to the IP being added/removed from the system but it is much easier to just add them all to the firewall.
-Wally