Ranges to allow through server firewall

Frontend (public) network:
Ports to allow:
ICMP – ping (for support troubleshooting)
All TCP/UDP ports

Backend (private) Network:
IP block: your private IP block for server to server communications (10.X.X.X/X)
Ports to allow:
ICMP – ping (for support troubleshooting)
All TCP/UDP ports

Service Network: (on backend/private network)
ICMP – ping (for support troubleshooting)
161/TCP – SNMP (server metrics)
161/UDP – SNMP (server metrics)
623/TCP – IPMI (server control)
623/UDP – IPMI (server control)
3389/TCP – Terminal services (for support access)
22/TCP – SSH (for support access) If you run SSH on a different port please allow that port instead.

SSL VPN network: (on backend/private network)
IP block: 10.1.0.0/16 (255.255.0.0) – dynamic IP range of the VPN users
ICMP – ping (for support troubleshooting)
All TCP/UDP ports (for access from your local workstation)

  • 2 Users Found This Useful
Was this answer helpful?

Related Articles

Can I load balance servers that are behind a firewall?

Yes, in proxy mode your servers can live anywhere and as long as you can get to the real port you...

Hardware Firewall configuration

A Hardware Firewall is a network device that is connected upstream from a server. The Firewall...

How do I enable/disable my Iptables firewall?

To start IP tables on your RedHat server,# service iptables startYou can run the following...

Brute Force Detection

BFD -- Brute Force Detection BFD is a shell script which parses security logs and detects...

Configure APF Firewall

A firewall is a very good idea for a server. Though many people think that a firewall is...