Contents
Important Note
The minimum system requirements specified for on-prem hosts must be dedicated to the on-prem host you plan to deploy. They cannot be shared with or used for other non-Infoblox applications. Sharing resources will negatively affect the performance of your BloxOne services. For more information, see Minimum System Requirements for On-Prem Hosts.
Before you deploy BloxOne services and on-prem hosts, ensure that you prepare your environment according to the requirements for the supported platforms and open all necessary ports for unrestricted outbound access. All used IPs on the provided list require 443/tcp be open when in use.
For additional information on BloxOne connectivity service requirements, see the following:
Port Usage for Firewall
The following table lists the ports that must be available in your firewall for the BloxOne on-prem hosts and other important services requiring specific ports in order to function properly.
IP Protocol | Port | Services that use this port | Domains/Destinations | Description | IPs and URLs (if applicable) |
---|---|---|---|---|---|
TCP & UDP | 53 |
|
| For the Cloud Services Portal connectivity to work as desired, TCP and UDP 53 ports are used as the outbound port to the complete list of cloud addresses. | For BloxOne Threat Defense Cloud DNS Server:
|
UDP | 67 |
| N/A | For DHCP service | N/A |
UDP | 68 |
| DHCP clients | From DHCP server to DHCP clients | N/A |
TCP | 80 |
| N/A | For redirect purposes | Redirect IPs: For IPv4: 3.215.231.251 For IPv6: 2600:1f18:1043:dc00:8083:68e:ef0f:46de 2600:1f18:1043:dc02:ed26:448b:247:90c9 |
UDP | 123 |
|
|
| N/A |
TCP | 443 |
| N/A | For redirect purposes | Redirect IPs: For IPv4: 3.215.231.251 For IPv6: 2600:1f18:1043:dc00:8083:68e:ef0f:46de 2600:1f18:1043:dc02:ed26:448b:247:90c9 |
TCP (TLS) | 443 |
|
|
| N/A |
TCP | 443 |
|
|
|
|
TCP | 443 |
|
Note: Communication with these destinations will bypass any proxy server setting. In other words, if you configure a proxy, the BloxOne DDI service destination (dns.bloxone.infoblox.com:443) is bypassed on the proxy. Similarly, the DNS forwarding proxy service (threatdefense.bloxone.infoblox.com:443) is bypassed on the proxy. |
| For BloxOne Threat Defense Cloud DNS Server:
|
TCP | 647 |
|
This is an incoming port for the HA (High Availability) feature. The receiving peer must be able to receive traffic on the port, and the sending peer must be able to send traffic to the port, generally from other random ports. | For DHCP and DHCP HA (High Availability) | N/A |
UDP | 647 |
|
This is an incoming port for the HA (High Availability) feature. The receiving peer must be able to receive traffic on the port, and the sending peer must be able to send traffic to the port, generally from other random ports. | For DHCP clustering load balancing | N/A |
TCP | 847 |
|
This is an incoming port for the HA (High Availability) feature. The receiving peer must be able to receive traffic on the port, and the sending peer must be able to send traffic to the port, generally from other random ports. | For DHCP clustering | N/A |
Note
This page has no comments.