TruView Firewall ports

Introduction

Distributed TruView is in almost all cases a single TVC (running the web portal) and one or more data sources (TVF and TVP). Please note that TVP (TruView Packet) is a packet collector and has no Web UI. TVF (TruView Flow) is equipped with a (depreciated) Web UI and can still be used for flow based network analysis. However, customers are recommended to use TVC for flow as well as packet based network analysis.

In case there are firewalls in between the appliances, this article will help you to create the necessary firewall policies.

Please note that all TruView appliances are running firewall deamon (linux: firewalld) to restrict access to undocumented ports.

Solution

TVC inbound ports

destination	service	role
tcp/443	https	user portal
tcp/22	ssh	management cli

TVC outbound ports

destination	service	role
udp/53	dns	domain name service
tcp/389	ldap	remote authentication
tcp/636	sldap	secure remote authentication
udp/123	ntp	network time synchronization
tcp/25	smtp	mailrelay (email external notification)
udp/161	snmp	polling device health status of exporter

TVF inbound ports

destination	service	role
tcp/443	https	user portal (depreciated)
tcp/22	ssh	management cli
udp/2055,udp/6343,*	netflow	receiving netflow packets from exporter

(*) inbound netflow services are depending on your configuration of the exporting device / listening port settings.

TVF outbound ports

destination	service	role
udp/53	dns	domain name service
udp/123	ntp	network time synchronization
udp/161	snmp	polling interface utilization of exporter

TVP inbound ports

destination	service	role
tcp/22	ssh	management cli

TVP outbound ports

destination	service	role
udp/53	dns	domain name service
udp/123	ntp	network time synchronization

Distributed TruView internal communication ports

destination	service	role
tcp/443	https	TVC -> TVF/TVP
tcp/443	https	TVF/TVP -> TVC