Important Note

Before you deploy BloxOne services and on-prem hosts, ensure that you prepare your environment according to the requirements for the supported platforms and open all necessary ports for unrestricted outbound access.

Port Usage for Firewall

The following table lists the ports that must be available in your firewall for the BloxOne on-prem hosts to function properly.

| IP Protocol | Port | Services that use this port | Destination | Description | IPs and URLs (if applicable) |
|---|---|---|---|---|---|
| TCP & UDP | 53 | Anycast; Data Connector; DHCP; DNS; DNS Forwarding Proxy; NIOS Grid Connector | csp.infoblox.com | For the Cloud Services Portal connectivity to work as desired, TCP and UDP 53 ports are used as the outbound port to the complete list of cloud addresses. | N/A |
| UDP | 67 | DHCP | N/A | For DHCP service | N/A |
| UDP | 68 | DHCP | DHCP clients | From DHCP server to DHCP clients | N/A |
| TCP | 80 | Redirect Server | N/A | For redirect purposes | Default redirect IP: 52.4.105.248 |
| UDP | 123 | NTP Server; NTP Pool | ntp.ubuntu.com; pool.ntp.org | For NTP server synchronization; for NTP Pool (only if time sync with ESXi is disabled) | N/A |
| TCP | 443 | Redirect Server | N/A | For redirect purposes | Default redirect IP: 52.4.105.248 |
| TCP | 443 | Anycast; Data Connector; NIOS Grid Connector | csp.infoblox.com; cp.noa.infoblox.com; grpc.csp.infoblox.com; app.noa.infoblox.com; tide.infoblox.com | For Cloud Services Portal access (unrestricted outbound access to TCP 443); for on-prem host platform and application management | N/A |
| TCP | 443 | DNS; DNS Forwarding Proxy; DHCP; BloxOne Threat Defense Cloud | dns.bloxone.infoblox.com; threatdefense.bloxone.infoblox.com. Note: Communication with these destinations will bypass any proxy server setting. In other words, if you configure a proxy, the BloxOne DDI service destination (dns.bloxone.infoblox.com:443) is bypassed on the proxy. Similarly, the DNS forwarding proxy service (threatdefense.bloxone.infoblox.com:443) is bypassed on the proxy. | For BloxOne DDI authoritative DNS cloud services; for BloxOne Threat Defense Cloud DNS server | For BloxOne Threat Defense Cloud DNS Server: 52.119.40.100; 103.80.5.100 |
| TCP | 647 | DHCP | dhcp.bloxone.infoblox.com. This is an incoming port for the HA (High Availability) feature. The receiving peer must be able to receive traffic on the port, and the sending peer must be able to send traffic to the port, generally from other random ports. | For DHCP and DHCP HA (High Availability) | N/A |
| UDP | 647 | DHCP clustering | dhcp.bloxone.infoblox.com. This is an incoming port for the HA (High Availability) feature. The receiving peer must be able to receive traffic on the port, and the sending peer must be able to send traffic to the port, generally from other random ports. | For DHCP clustering load balancing | N/A |
| TCP | 847 | DHCP clustering | dhcp.bloxone.infoblox.com. This is an incoming port for the HA (High Availability) feature. The receiving peer must be able to receive traffic on the port, and the sending peer must be able to send traffic to the port, generally from other random ports. | For DHCP clustering | N/A |
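
A pre-deployment egress check for the TCP 443 hostnames in the table above, added here as an example and not part of the Infoblox documentation. The function names and status labels are hypothetical, and the rule that only the two proxy-bypassing destinations must connect directly when a proxy is configured is an assumption drawn from the proxy note in the table.

```python
import socket

# TCP 443 destinations from the table above. The third field marks the two
# that bypass any configured proxy and so need direct egress from the host.
TARGETS = [
    ("csp.infoblox.com", 443, False),
    ("cp.noa.infoblox.com", 443, False),
    ("grpc.csp.infoblox.com", 443, False),
    ("app.noa.infoblox.com", 443, False),
    ("tide.infoblox.com", 443, False),
    ("dns.bloxone.infoblox.com", 443, True),
    ("threatdefense.bloxone.infoblox.com", 443, True),
]


def check_targets(targets=TARGETS, connect=socket.create_connection, timeout=5.0):
    """Attempt a TCP connect to every target and classify the outcome."""
    results = []
    for host, port, bypasses_proxy in targets:
        try:
            connect((host, port), timeout=timeout).close()
            status = "ok"            # name resolved and handshake completed
        except socket.gaierror:
            status = "dns-failure"   # hostname did not resolve
        except socket.timeout:
            status = "timeout"       # no answer, typical of a silent drop
        except ConnectionRefusedError:
            status = "refused"       # actively rejected on the path
        except OSError:
            status = "error"         # unreachable network, reset, etc.
        results.append({"host": host, "port": port,
                        "bypasses_proxy": bypasses_proxy, "status": status})
    return results


def failures(results, proxy_configured=False):
    """Return failed checks that need a firewall change.

    Assumption (not from the page): with a proxy configured, only the
    proxy-bypassing destinations are expected to connect directly.
    """
    return [r for r in results if r["status"] != "ok"
            and (r["bypasses_proxy"] or not proxy_configured)]


if __name__ == "__main__":
    for r in failures(check_targets()):
        print(f"{r['host']}:{r['port']} {r['status']}")
```

Run it from the network segment where the on-prem host will sit. The UDP rows and the inbound HA ports (647, 847) are not covered by this check.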

Note

A complete list of the used IP addresses, subnets, and hostnames is available in a JSON file by clicking this link.

For additional information on BloxOne connectivity service requirements, see the following:

