There is no such thing as too many layers of security - Nutanix network ports

Looking to strengthen security of your HCL cluster? Consider keeping only necessary ports open.

Following is the list of firewall ports that must be kept open to successfully access the Nutanix cluster.

• Prism web console: 9440, 80
• SSH to both CVM and Hypervisor: 22
• Cluster remote support: 80, 8443
• vCenter remote console: 443, 902, 903 from both the user host and vCenter
• vCenter from Prism web console: 443, 80
• Citrix MCS: virtual IP, Port 9440 (TCP)
• Xtract for VMs (Move): ESXi hosts (TCP 443, 902); AHV (TCP and UDP 2049, 111)

Following is the list of ports that must be kept open for the 1-Click upgrade.

• *.compute-*.amazonaws.com:80,443
• release-api.nutanix.com:80
• ntnx-portal.s3.amazonaws.com and s3*.amazonaws.com

Information above is extracted from KB-1478 which also explains what to do when configuring the entire range of IP address for AWS is not acceptable and using FQDN wildcards is not an option supported by the firewall the environment.

KB-1202 Lists port numbers used for inter CVM communication.

NX-series owners may find NX Series Hardware Administration Guide on Firewall Port Requirements for IPMI useful as well.