Firewall port requirement for VVR and GCO

Here I have the list of firewall port requirements for GCO:

https://sort.symantec.com/public/documents/sfha/6.0.1/aix/productguides/html/vcs_install/apas01.htm

We are using 4 IPs at one site, and each of them will be from the same subnet.

Physical IP - 192.168.1.xxx
Cluster IP - 192.168.1.xxx
App IP - 192.168.1.xxx
VVR IP - 192.168.1.xxx

This is for the primary site, and the DR site will have a different subnet and IP.

My question is: what are the ports to be opened on the firewall against the physical IP, cluster IP, app IP, etc.?

Since our last project we faced some issues and we enabled all required ports against all IPs.


Thank you

J0my

Accepted Solution!

Hi Jomy,

Windows TCP/IP stack can be a little strange in how it tags outbound packets when multiple IPs are concerned.  If you are working with a system with a single IP then all outbound packets are tagged as coming from that 1 IP.  However, when you are working with a system with multiple IPs, all outbound packets are still only tagged as coming from a single IP.  In a cluster situation where IPs are added and removed the outbound packets can be tagged with a different IP depending on what virtual IPs are online/offline on the node.  Because of this changing of the outbound packet source IP, firewalls for Windows servers typically need to have all ports open for all available IPs (physical and virtual) that can run in the cluster.

I know that it is a little messy.  You can actually do calculations on the IP to determine how Windows will respond to the IP being added/removed from the system but it is much easier to just add them all to the firewall.

-Wally

Default is 14155.

Refer:

http://www.symantec.com/business/support/index?page=content&id=HOWTO66089&profileURL=https%3A%2F%2Fs...


Table: VCS services and ports

| Port Number | Protocol | Description | Process |
|---|---|---|---|
| 14150 | TCP | Veritas Command Server | CmdServer.exe |
| 14141 | TCP | Veritas High Availability Engine; Veritas Cluster Manager (Java console) (ClusterManager.exe); VCS Agent driver (VCSAgDriver.exe) | had.exe |
| 7419 | TCP | Symantec Plugin Host Service; Solutions Configuration Center (SFWConfigPanel.exe); CCF Engine (CEngineDriver.exe) | pluginHost.exe |
| 14149 | TCP/UDP | VCS Authentication Service | vcsauthserver.exe |
| 8199 | TCP | Volume Replicator Administrative Service | vras.dll |
| 4145 | UDP | VCS Cluster Heartbeats | vxio.sys |
| 4888 | TCP | Veritas Scheduler Service. Use to launch the configured schedule. | VxSchedService.exe |
| 49152-65535 | TCP/UDP | Volume Replicator Packets | User configurable ports created at kernel level by vxio.sys file |
| 14144 | TCP/UDP | VCS Notification | Notifier.exe |
| 14153, 15550-15558 | TCP/UDP | VCS Cluster Simulator | hasim.exe |
| 14155 | TCP/UDP | VCS Global Cluster Option (GCO) | wac.exe |
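
The failure mode from the accepted answer, worked through against the port table above. This is an added example, not part of the original thread or of any Symantec tooling: it builds inter-site allow rules and checks which flows a per-service rule set drops when a node sources traffic from a different one of its IPs. The last octets, the DR subnet 192.168.2.x, and the choice of table rows treated as inter-site traffic are assumptions.

```python
from itertools import product

# Rows copied from the "VCS services and ports" table in the reply above.
# Which rows carry inter-site traffic is an assumption to confirm per site.
SERVICES = [
    ("GCO wac.exe", "tcp", 14155, 14155),
    ("GCO wac.exe", "udp", 14155, 14155),
    ("VRAS vras.dll", "tcp", 8199, 8199),
    ("heartbeat vxio.sys", "udp", 4145, 4145),
    ("VVR packets vxio.sys", "tcp", 49152, 65535),
    ("VVR packets vxio.sys", "udp", 49152, 65535),
]
# Constructed addresses: the thread masks the last octet and gives no DR subnet.
PRIMARY = {"physical": "192.168.1.10", "cluster": "192.168.1.11",
           "app": "192.168.1.12", "vvr": "192.168.1.13"}
DR = {"physical": "192.168.2.10", "cluster": "192.168.2.11",
      "app": "192.168.2.12", "vvr": "192.168.2.13"}

def build_rules(src_ips, dst_ips, services=SERVICES):
    """One allow rule per (source IP, destination IP, service)."""
    return {(s, d, proto, lo, hi)
            for s, d in product(src_ips, dst_ips)
            for _, proto, lo, hi in services}

def is_allowed(flow, rules):
    """flow = (src, dst, proto, dst_port); True if any rule matches it."""
    src, dst, proto, port = flow
    return any(r[0] == src and r[1] == dst and r[2] == proto
               and r[3] <= port <= r[4] for r in rules)

def dropped(flows, rules):
    """Flows that no rule in the set permits."""
    return [f for f in flows if not is_allowed(f, rules)]

# Per-service scoping: cluster IP for GCO, VVR IP for replication only.
narrow = (build_rules([PRIMARY["cluster"]], [DR["cluster"]], SERVICES[:2])
          | build_rules([PRIMARY["vvr"]], [DR["vvr"]], SERVICES[2:]))
# Full matrix, as the accepted answer recommends: every IP that can be online.
full = build_rules(PRIMARY.values(), DR.values())
# Constructed flows: same services, sourced from different IPs on the node.
FLOWS = [
    (PRIMARY["cluster"], DR["cluster"], "tcp", 14155),   # expected source IP
    (PRIMARY["physical"], DR["cluster"], "tcp", 14155),  # physical IP as source
    (PRIMARY["app"], DR["vvr"], "udp", 4145),            # app IP as source
]

if __name__ == "__main__":
    print("dropped by narrow rules:", dropped(FLOWS, narrow))
    print("dropped by full matrix:", dropped(FLOWS, full), len(full), "rules")
```

The full matrix here is still bounded to the two sites' own addresses and the listed ports, so it covers the changing source IP without opening the ports to any other source.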
