Firewall Rules Between the Gateway and Oracle Private Cloud Appliance
This section provides two separate tables showing the internal firewall rules
between the Gateway and different versions of Oracle Private Cloud Appliance (PCA).
PCA 3.x has been re-engineered and now has different access
requirements. While PCA 2.4.x and earlier versions are still
supported, and have the same access requirements as before, we have added updates for
PCA 3.0.x.
Note - PCA 3.0.x is supported only on Gateway 21.6 and higher
versions running Oracle Linux 8.x.
Refer to the following tables:
Table 14 Firewall Rules Between the Gateway and Oracle Private Cloud Appliance (PCA) 2.4.x

| Application Protocol | Source Interface | Destination Interface | Network Protocol/Port | Purpose |
|---|---|---|---|---|
| ICMP | PCA management nodes public addresses | Gateway | ICMP Type 0 and 8 | Used to test network connectivity between customer systems and the Gateway |
| ICMP | Gateway | PCA management nodes public addresses | ICMP Type 0 and 8 | Used to test network connectivity between the Gateway and customer systems |
| OEM | Gateway | PCA management nodes public addresses and virtual IP address | TCP/1830 | OEM agent communication, typically 1830 is used for Oracle Services |
| SSH/SCP | Gateway | PCA management node public addresses and virtual IP address | TCP/22 | Monitoring configuration, fault diagnostics, and patching |
| HTTP | PCA management nodes public addresses | Gateway | HTTP/8234 | PCA ASR Manager to communicate with the Gateway ASR Manager |
| HTTP | PCA management nodes public addresses | Gateway | TCP/8000 | PCA ZFS Phone Home Proxy Service |
| HTTP | PCA management nodes public addresses | Gateway | TCP/5555 | ASR Secure File Transport Service for upload of diagnostic packages |
| HTTPS | Gateway | PCA management node public addresses and virtual IP address | TCP/7002 | Management Interface Access for troubleshooting |
| HTTPS | PCA management nodes public addresses | Gateway | TCP/443 | Patch Download Service for patching support |
| HTTPS | Gateway | PCA management node public addresses and virtual IP address | TCP/8443 | Management access to the Fabric Interconnect Switches |
| HTTPS (OEM Agent) | PCA management nodes public addresses | Gateway | HTTPS/1159 | OEM agent communication to the Gateway |

Table 15 Firewall Rules Between the Gateway and Oracle Private Cloud Appliance (PCA) 3.0.x

| Application Protocol | Source Interface | Destination Interface | Network Protocol/Port | Purpose |
|---|---|---|---|---|
| ICMP | PCA management nodes public addresses | Gateway | ICMP Type 0 and 8 | Used to test network connectivity between customer systems and the Gateway |
| ICMP | Gateway | PCA management nodes public addresses | ICMP Type 0 and 8 | Used to test network connectivity between the Gateway and customer systems |
| HTTPS | PCA management nodes public addresses | Gateway | TCP/443 | PCA monitoring subsystem to communicate with the Gateway ASR Manager |
| HTTP | PCA management nodes public addresses | Gateway | HTTP/8234 | PCA ASR Manager to communicate with the Gateway ASR Manager |
| SSH/SCP | Gateway | PCA management node public addresses and virtual IP address | TCP/22 | Monitoring configuration, fault diagnostics, and patching |
| HTTPS | Gateway | PCA management node public addresses and virtual IP address | TCP/443 | Management Interface Access for monitoring configuration, fault diagnostics, and troubleshooting |
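
The following is an added example, not part of the Oracle documentation: it transcribes Table 15 into an allow-list and checks flow records against it, so that traffic left over from a PCA 2.4.x rule set (for example TCP/1830 or TCP/5555) stands out after a move to 3.0.x. All IP addresses and flow records are constructed samples, the function names are hypothetical, and HTTP/8234 is assumed to mean TCP port 8234.

```python
import ipaddress

# Constructed addresses from RFC 5737 documentation ranges, not from the page.
GATEWAY = {"192.0.2.10"}
PCA_MGMT = {"198.51.100.11", "198.51.100.12"}  # management node public addresses
PCA_VIP = {"198.51.100.10"}                     # management virtual IP address

# Table 15 (PCA 3.0.x), row by row:
# (sources, destinations, protocol, ports or ICMP types, purpose)
TABLE_15 = [
    (PCA_MGMT, GATEWAY, "icmp", {0, 8}, "connectivity test"),
    (GATEWAY, PCA_MGMT, "icmp", {0, 8}, "connectivity test"),
    (PCA_MGMT, GATEWAY, "tcp", {443}, "PCA monitoring subsystem to Gateway ASR Manager"),
    (PCA_MGMT, GATEWAY, "tcp", {8234}, "PCA ASR Manager to Gateway ASR Manager"),
    (GATEWAY, PCA_MGMT | PCA_VIP, "tcp", {22},
     "monitoring configuration, fault diagnostics, patching"),
    (GATEWAY, PCA_MGMT | PCA_VIP, "tcp", {443}, "management interface access"),
]

def match_rule(src, dst, proto, port):
    """Return the purpose of the Table 15 row covering this flow, or None."""
    src = str(ipaddress.ip_address(src))  # normalise; raises on malformed input
    dst = str(ipaddress.ip_address(dst))
    for sources, dests, rule_proto, ports, purpose in TABLE_15:
        if (src in sources and dst in dests
                and proto.lower() == rule_proto and port in ports):
            return purpose
    return None

def audit(flows):
    """Return the flows that no Table 15 row covers."""
    return [f for f in flows if match_rule(*f) is None]

# Constructed flow records: (src, dst, protocol, destination port or ICMP type)
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.10", "tcp", 22),    # SSH to the virtual IP: listed
    ("198.51.100.11", "192.0.2.10", "tcp", 8234),  # ASR Manager: listed
    ("192.0.2.10", "198.51.100.11", "tcp", 1830),  # OEM agent: Table 14 only
    ("198.51.100.11", "192.0.2.10", "tcp", 5555),  # ASR file transport: Table 14 only
    ("192.0.2.10", "198.51.100.12", "icmp", 8),    # echo request: listed
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("not covered by Table 15:", flow)
```

The table lists the virtual IP address only as a destination, so the check treats a flow sourced from it as not covered.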