Video Screencast Help

Firewall port requirement for VVR and GCO

Created: 19 Apr 2014 • Updated: 27 Apr 2014 | 2 comments
Jomy's picture
This issue has been solved. See solution.

Here I  have the list of firewall port requirement for GCO

https://sort.symantec.com/public/documents/sfha/6....

we are using 4 IP's at one site and each of the will be from same subnet .

physical IP- 192.168.1.xxx.
Cluster IP-192.168.1.xxx.
App IP-192.168.1.xxx.
VVR IP.-192.168.1.xxx.

This is for primary site and DR site will different subnet and IP.

my question is what are the ports to be open on firewall against physical IP,Cluster IP,APP IP etc.

since our last project we faced some issues and we enabled all required ports against all IP's.

 

Thank you

J0my

 

Operating Systems:

Comments 2 CommentsJump to latest comment

starflyfly's picture

default is 14155.

refer:

 

http://www.symantec.com/business/support/index?page=content&id=HOWTO66089&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1398045642541ec7K3IdUjiNUx1C49pN0PQR9p310hZ9tFEBX2

 

Table: VCS services and ports

Port Number

Protocol

Description

Process

14150

TCP

Veritas Command Server

CmdServer.exe

14141

TCP

Veritas High Availability Engine

Veritas Cluster Manager (Java console) (ClusterManager.exe)

VCS Agent driver (VCSAgDriver.exe)

had.exe

7419

TCP

Symantec Plugin Host Service

Solutions Configuration Center (SFWConfigPanel.exe)

CCF Engine (CEngineDriver.exe)

pluginHost.exe

14149

TCP/UDP

VCS Authentication Service

vcsauthserver.exe

8199

TCP

Volume Replicator Administrative Service

vras.dll

4145

UDP

VCS Cluster Heartbeats

vxio.sys

4888

TCP

Veritas Scheduler Service

Use to launch the configured schedule.

VxSchedService.exe

49152-65535

TCP/UDP

Volume Replicator Packets

User configurable ports created at kernel level by vxio .sys file

14144

TCP/UDP

VCS Notification

Notifier.exe

14153, 15550 - 15558

TCP/UDP

VCS Cluster Simulator

hasim.exe

14155

TCP/UDP

VCS Global Cluster Option (GCO)

wac.exe

If the answer has helped you, please mark as Solution.

Wally_Heim's picture

Hi Jomy,

Windows TCP/IP stack can be a little strange how it tags outbound packets when mulitple IPs are concerned.  If you are working with a system with a single IP then all outbound packets are tagged as coming from that 1 IP.  However, when you are working with a system with multiple IPs, all outbound packets are still only tagged as coming from a single IP.  In a cluster situation where IPs are added and removed the outbound packets can be tagged with a different IP depending on what virtual IPs on online/offline on the node.  Because of this changing of the outbound packet source IP, firewalls for Windows servers typically need to have all ports open for all available IPs (phyical and virtual) that can run in the cluster. 

I know that it is a little messy.  You can actually do calulations on the IP to determine how Windows will respond to the IP being added/removed from the system but it is much easier to just add them all to the firewall.

-Wally

SOLUTION