Firewall Requirements

Before you install and configure the Oracle Linux Virtualization Manager engine or any KVM hosts, ensure you review the following firewall requirements.

Note

Oracle Linux Virtualization Manager requires IPv6 to remain enabled on the computer or virtual machine where you are running the Manager. Do not disable IPv6 on the Manager machine, even if your systems do not use it.

Engine Host Firewall Requirements

When you run the engine-setup command to configure Oracle Linux Virtualization Manager, you can have the Setup program automatically configure the firewall ports on the host. Use the following information if you want to manually configure firewalls.

The following ports are the default ports. The Setup program enables you to choose different ports for some of the configuration options; see Engine Configuration Options in the Oracle Linux Virtualization Manager: Getting Started Guide.

Table 2 Oracle Linux Virtualization Manager Host Firewall Requirements

| Port | Protocol | Source | Destination | Purpose |
|---|---|---|---|---|
| Not applicable | ICMP | Oracle Linux KVM hosts | Manager host | (Optional) Diagnostics |
| 22 | TCP | External systems | Manager host | (Optional) SSH access to the Manager host for administration and maintenance |
| 80 | TCP | Administration Portal clients; VM Portal clients; Oracle Linux KVM hosts; REST API clients | Manager host | HTTP access to the Manager |
| 443 | TCP | Administration Portal clients; VM Portal clients; Oracle Linux KVM hosts; REST API clients | Manager host | HTTPS access to the Manager |
| 2222 | TCP | Clients | Manager host | SSH access to virtual machine serial consoles |
| 5432 | TCP,UDP | Manager host; Data Warehouse Service; External systems | Manager host | (Optional) Connections to PostgreSQL database server. Only required if the Engine database or the Data Warehouse database run on the Manager host |
| 6100 | TCP | Administration Portal clients; VM Portal clients | Manager host | (Optional) WebSocket proxy access to the noVNC or HTML 5 virtual machine consoles. Only required if the WebSocket proxy runs on the Manager host |
| 7410 | UDP | Oracle Linux KVM hosts | Manager host | (Optional) Kdump notifications. Only required if Kdump is enabled |
| 54323 | TCP | Administration Portal clients | Manager host | (Optional) Image I/O Proxy access to upload images. Only required if the Image I/O Proxy runs on the Manager host |


Remote Component Firewall Requirements

Some Oracle Linux Virtualization Manager components can run on separate remote hosts. Use the following information to configure the firewall on these hosts.

Table 3 Remote Component Firewall Requirements

| Port | Protocol | Source | Destination | Purpose |
|---|---|---|---|---|
| 5432 | TCP,UDP | Manager host; Data Warehouse Service; External systems | PostgreSQL database server | Connections to PostgreSQL database server. Required if the Engine database or the Data Warehouse database run on a remote host |
| 6100 | TCP | Administration Portal clients; VM Portal clients | WebSocket proxy host | WebSocket proxy access to the noVNC or HTML 5 virtual machine consoles. Required if the WebSocket proxy runs on a remote host |


KVM Host Firewall Requirements

When you add an Oracle Linux KVM host to Oracle Linux Virtualization Manager, the existing firewall configuration on the host is overwritten and the required firewall ports are configured automatically.

To disable automatic firewall configuration when adding a KVM host, clear the Automatically configure host firewall check box under Advanced Parameters. Then use the following information to manually configure the firewall.

Table 4 Oracle Linux KVM Host Firewall Requirements

| Port | Protocol | Source | Destination | Purpose |
|---|---|---|---|---|
| 22 | TCP | Manager host | KVM hosts | (Optional) SSH access to KVM hosts |
| 111 | TCP | NFS storage server | KVM hosts | (Optional) NFS connections. Only required if you use NFS storage |
| 161 | UDP | KVM hosts | Manager host | (Optional) Simple network management protocol (SNMP). Only required if you want to send SNMP traps to external SNMP managers |
| 2223 | TCP | Manager host | KVM hosts | SSH access to virtual machine serial consoles |
| 5900 to 6923 | TCP | Administration Portal clients; VM Portal clients | KVM hosts | Access to virtual machine consoles using VNC or RDP protocols |
| 5989 | TCP,UDP | Common Information Model Object Manager (CIMOM) | KVM hosts | (Optional) CIMOM connections. Only required if you use CIMOM to monitor virtual machines running on the host |
| 6081 | UDP | KVM hosts | KVM hosts | (Optional) Open Virtual Network (OVN) connections. Only required if the OVN network provider is enabled |
| 9090 | TCP | Manager host; Client machines | KVM hosts | (Optional) Cockpit connections |
| 16514 | TCP | KVM hosts | KVM hosts | Virtual machine migration using libvirt |
| 49152 to 49216 | TCP | KVM hosts | KVM hosts | Automated and manual virtual machine migration and fencing using VDSM |
| 54321 | TCP | Manager host; KVM hosts | KVM hosts | VDSM communication with the Oracle Linux Virtualization Manager and other KVM hosts |
| 54322 | TCP | Manager host; Image I/O Proxy host | KVM hosts | (Optional) Communication with the Image I/O Proxy to upload images. Only required if the Image I/O Proxy runs on the Manager host or a separate host |
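
One way to turn the non-optional rows of the KVM host table into source-restricted firewalld rich rules when automatic firewall configuration is disabled. This is an added example, not part of the Oracle documentation. It assumes the host uses firewalld; the addresses, the zone name and the function names are placeholders chosen here, and the script only prints the commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Added example: emit firewalld rich rules that open each required KVM host
# port only to the source listed for it in the table. Nothing is applied.

# Constructed sample addresses (RFC 5737 documentation ranges); replace them.
MANAGER="192.0.2.10/32"
KVM_HOSTS="198.51.100.0/24"
PORTAL_CLIENTS="203.0.113.0/24"
ZONE="public"   # assumed zone name

# rule_cmd SOURCE PORT PROTO -> one firewall-cmd invocation on stdout.
# PORT is a number or a range written low-high (the table's "5900 to 6923").
rule_cmd() {
    case "$2" in
        *[!0-9-]*|""|-*|*-) echo "bad port: $2" >&2; return 1 ;;
    esac
    case "$3" in
        tcp|udp) ;;
        *) echo "bad protocol: $3" >&2; return 1 ;;
    esac
    printf '%s\n' "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='rule family=\"ipv4\" source address=\"$1\" port port=\"$2\" protocol=\"$3\" accept'"
}

# kvm_host_rules -> commands for the rows not marked (Optional) in the table.
kvm_host_rules() {
    # One rule per line: source|port|protocol
    while IFS='|' read -r src port proto; do
        rule_cmd "$src" "$port" "$proto" || return 1
    done <<EOF
$MANAGER|2223|tcp
$PORTAL_CLIENTS|5900-6923|tcp
$KVM_HOSTS|16514|tcp
$KVM_HOSTS|49152-49216|tcp
$MANAGER|54321|tcp
$KVM_HOSTS|54321|tcp
EOF
    echo "firewall-cmd --reload"
}

# Print the commands for review.
kvm_host_rules
```

Optional rows (NFS, SNMP, CIMOM, OVN, Cockpit, Image I/O Proxy) are left closed here; add a line for each one only when the corresponding feature is in use.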