Internal communications and firewall ports: Difference between revisions

From wiki.comcert.com
No edit summary
No edit summary
 
(26 intermediate revisions by the same user not shown)
Line 2: Line 2:
== Introduction ==
== Introduction ==


Whithin a distributed nG1 environment the following internal communication has to be taken in account. Individual access to Service Enablers like NTP and DNS is mandatory. Please note that if external authentication like LDAP or RADIUS is used, it is configured at NGGM, NGFF and NGLS.
These intra-nGeniusONE system communications must be allowed by every firewall and ACL in the path between the nGeniusONE servers and its data sources (Flow Collector, InfiniStream, vStream, vStream Agent, ...).  All servers require stable communication with DNS and NTP.  If you choose to use external user authentication (AD, LDAP, RADUIS, TACACS, ...), access to these authentication servers is required only for nGenius Server or nGenius Global Manager, nGenius For Flows and nGenius Local Server.
 
Access to all servers is typically done using SSH on Linux (tcp/22) and RDP on Windows (tcp/3389).  InfiniStream and Flow Collector are always Linux-based OS.
 
 


== Solution ==
== Solution ==


=== Legend: ===
=== Standalone nGeniusONE Server (just one nGenius server) ===
 
(#) suggested ports for NetFlow and SFlow exports (other port numbers are possible)


{| border="1" cellpadding="1" cellspacing="1" style="width: 238px;"
<span style="color:#0000FF;">(*) optional vSTREAM Agent packet streaming</span>
|-
| style="width: 52px;" | NGGM
| style="width: 173px;" | nGenius Global Manager
|-
| style="width: 52px;" | NGFF
| style="width: 173px;" | nGenius for Flows
|-
| style="width: 52px;" | NGLS
| style="width: 173px;" | nGenius Local Server
|-
| style="width: 52px;" | FC
| style="width: 173px;" | Flow Collector
|-
| style="width: 52px;" | IS
| style="width: 173px;" | InfiniStream
|}


[[File:NG1StandaloneUpdated.png|border|center|NG1Standalone.png]]
&nbsp;
&nbsp;


[[File:nGOInternalCommunication.jpg|border|center|nGOInternalCommunication.jpg]]
=== Distibuted nGeniusONE Server&nbsp;(at least two&nbsp;nGenius servers) ===
(#) suggested ports for NetFlow and SFlow exports (other port numbers are possible)
 
<span style="color:#0000FF;">(*) optional vSTREAM Agent packet streaming</span>
 
[[File:NG1DistributedUpdated.png|border|center|NG1Distributed.png]]
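Review bot: The new introduction paragraph misspells RADIUS as "RADUIS" and the new section heading reads "Distibuted nGeniusONE Server"; both should be corrected. The revision also drops the abbreviation legend (NGGM, NGFF, NGLS, FC, IS) and leaves the port requirements only in the two PNG diagrams, so none of the ports beyond tcp/22 and tcp/3389 can be searched or copied from the text into a firewall or ACL change. Consider keeping the legend if the diagrams still use those abbreviations, and adding the port list as a wiki table next to each image.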

Latest revision as of 15:59, 3 July 2025

Introduction

These intra-nGeniusONE system communications must be allowed by every firewall and ACL in the path between the nGeniusONE servers and their data sources (Flow Collector, InfiniStream, vStream, vStream Agent, ...).  All servers require stable communication with DNS and NTP.  If you choose to use external user authentication (AD, LDAP, RADIUS, TACACS, ...), access to these authentication servers is required only for nGenius Server or nGenius Global Manager, nGenius For Flows and nGenius Local Server.

Access to all servers is typically done using SSH on Linux (tcp/22) and RDP on Windows (tcp/3389).  InfiniStream and Flow Collector always run a Linux-based OS.

 

Solution

Standalone nGeniusONE Server (just one nGenius server)

(#) suggested ports for NetFlow and sFlow exports (other port numbers are possible)

(*) optional vSTREAM Agent packet streaming

NG1Standalone.png

 

Distributed nGeniusONE Server (at least two nGenius servers)

(#) suggested ports for NetFlow and sFlow exports (other port numbers are possible)

(*) optional vSTREAM Agent packet streaming

NG1Distributed.png