TruView Firewall ports
Introduction
Distributed TruView is in almost all cases a single TVC (running the web portal) and one or more data sources (TVF and TVP). Please note that TVP (TruView Packet) is a packet collector and has no Web UI. TVF (TruView Flow) is equipped with a (depreciated) Web UI and can still be used for flow based network analysis. However, customers are recommended to use TVC for flow as well as packet based network analysis.
In case there are firewalls in between the appliances, this article will help you to create the necessary firewall policies.
Please note that all TruView appliances are running firewall deamon (linux: firewalld) to restrict access to undocumented ports.
Solution
TVC inbound ports
| destination | service | role |
| tcp/443 | https | user portal |
| tcp/22 | ssh | management cli |
TVC outbound ports
| destination | service | role |
| udp/53 | dns | domain name service |
| tcp/389 | ldap | remote authentication |
| tcp/636 | sldap | secure remote authentication |
| udp/123 | ntp | network time synchronization |
| tcp/25 | smtp | mailrelay (email external notification) |
| udp/161 | snmp | polling device health status of exporter |
TVF inbound ports
| destination | service | role |
| tcp/443 | https | user portal (depreciated) |
| tcp/22 | ssh | management cli |
| udp/2055,udp/6343,* | netflow | receiving netflow packets from exporter |
(*) inbound netflow services are depending on your configuration of the exporting device / listening port settings.
TVF outbound ports
| destination | service | role |
| udp/53 | dns | domain name service |
| udp/123 | ntp | network time synchronization |
| udp/161 | snmp | polling interface utilization of exporter |
TVP inbound ports
| destination | service | role |
| tcp/22 | ssh | management cli |
TVP outbound ports
| destination | service | role |
| udp/53 | dns | domain name service |
| udp/123 | ntp | network time synchronization |
Distributed TruView internal communication ports
| destination | service | role |
| tcp/443 | https | TVC -> TVF/TVP |
| tcp/443 | https | TVF/TVP -> TVC |