...
Local Firewall Configuration
Configure on each host as required using ufw
Default local firewall rules
Code Block |
---|
sudo ufw allow ssh |
...
sudo ufw allow http |
...
sudo ufw allow https |
sudo ufw enable |
Additional rules are required on the core node for each arm deployed
Code Block |
---|
sudo ufw allow from <ip address of arm> to any proto tcp port 5984, |
...
5986 |
sudo ufw allow from <ip address of arm> to any proto tcp port 6379,6380 |
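An added example, not part of the Yarnman documentation: a shell function that audits `ufw status` output on a core node and flags any ALLOW rule that exposes the CouchDB or Redis ports (taken from the ARM → Core list on this page) to a source that is not a listed arm. The function names, sample output and addresses are constructed for illustration.

```shell
# Added example (not Yarnman code): audit a core node's `ufw status` output.
# Restricted ports are the CouchDB/Redis ports in the page's ARM -> Core list.
RESTRICTED_PORTS="5984 5986 6984 6379 6380"
# Usage: ufw status | audit_ufw_status ARM_IP...
# Prints every ALLOW rule covering a restricted port whose source is not a
# listed arm address (protocol is ignored); exit status 1 if any was printed.
audit_ufw_status() {
    awk -v ports="$RESTRICTED_PORTS" -v arms="$*" '
    BEGIN {
        n = split(ports, p, " "); for (i = 1; i <= n; i++) restricted[p[i]] = 1
        n = split(arms, a, " ");  for (i = 1; i <= n; i++) allowed[a[i]] = 1
    }
    {
        act = 0
        for (i = 2; i <= NF; i++) if ($i == "ALLOW") { act = i; break }
        if (!act) next                      # header, blank or non-ALLOW line
        src = $(act + 1)
        if (src == "IN") src = $(act + 2)   # "ALLOW IN" in verbose output
        if (src == "OUT") next              # outbound rule, not exposure
        spec = $1; sub(/\/.*/, "", spec)    # "5984,5986/tcp" -> "5984,5986"
        hit = 0
        m = split(spec, items, ",")
        for (i = 1; i <= m; i++) {
            lo = hi = items[i]
            if (split(items[i], r, ":") == 2) { lo = r[1]; hi = r[2] }
            for (q in restricted) if (q + 0 >= lo + 0 && q + 0 <= hi + 0) hit = 1
        }
        if (hit && !(src in allowed)) { print; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Constructed sample output; all addresses are documentation-range examples.
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
5984,5986/tcp              ALLOW       192.0.2.10
6379,6380/tcp              ALLOW       192.0.2.10
6379/tcp                   ALLOW       Anywhere
5984/tcp                   ALLOW       198.51.100.7
6700:6799/udp              ALLOW       Anywhere
EOF
}

sample_ufw_status | audit_ufw_status 192.0.2.10 || echo "tighten the rules listed above"
```

On a real core node, pipe `sudo ufw status` into the function and pass every deployed arm address as an argument.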
Default Terminator Configuration (Testmate)
Code Block |
---|
sudo ufw allow from any proto udp port 6700:6799 |
External Firewall Ports
ARM → Core
Couchdb tcp/5984 tcp/5986 tcp/6984
Redis tcp/6379 tcp/6380
SSH tcp/22
Core → Arm – Patch transfer
SSH tcp/22
User
...
Access to Yarnman
...
SSH tcp/22
HTTPS tcp/443
Customer → Arm - PWreset/Yarndoor/Prattler
HTTPS tcp/443
Prattler upload tcp/8444
Prattler WS tcp/8081
RTP udp/6700-6799 – required for Media
Arm → Customer UC Apps - Testmate
CTI/QBE TCP 2748
LDAP tcp/389 tcp/636
RTP udp/6700-6799 (configurable)
WS AXL/RIS HTTP tcp/80 tcp/443 tcp/8443
SSH tcp/22
Core ↔ Core - HA only
Couchdb cluster tcp/9100-9200
Redis Cluster tcp/1000
...
From (Sender) | To (Listener) | Destination Port | Purpose |
---|---|---|---|
user segment | Yarnman node | TCP/443 | HTTPS |
user segment | Yarnman node | TCP/80 | HTTP redirect to HTTPS |
user segment | Yarnman node | TCP/22 | SSH - Support |
Yarnman to Other Systems
From (Sender) | To (Listener) | Destination Port | Purpose |
---|---|---|---|
Yarnman node | CUCM/UCXN/EXPW | | HTTP Webservices (AXL,RIS,Perfmon) |
Yarnman node | CUCM | TCP/2748 | CTI/QBE JTAPI |
UC Services (CUCM/MTP/Phone) | Yarnman node | UDP/6700-6799 (configurable in Yarnman) | Receive RTP ports |
Yarnman node | UC Services (CUCM/MTP/Phone) | UDP/16384 - 32767 (configurable in CUCM) | Transmit RTP ports |
Yarnman node | CUCM/UCXN/EXPW | TCP/22 | SSH proxy (yarn_gate) |
Yarnman node | CUCDM8 | TCP/8181 | Webservice |
Yarnman node | CUCDM10/11/VOSS4UC | TCP/443 | Webservice |
Yarnman node | Kurmi | TCP/443 | Webservice |
Arm deployment
From (Sender) | To (Listener) | Destination Port | Purpose |
---|---|---|---|
Yarnman Arm node | Yarnman Core node | | Couchdb |
Yarnman Arm node | Yarnman Core node | | Redis |
Yarnman Arm node | Yarnman Core node | TCP/22 | SSH - Support |
Yarnman Core node | Yarnman Arm node | TCP/22 | SSH - Patch Transfer |
High Availability deployment
From (Sender) | To (Listener) | Destination Port | Purpose |
---|---|---|---|
Yarnman Core node | Yarnman Core node | TCP/9100-9200 | Database Clustering |
Yarnman Core node | Yarnman Core node | | Database Clustering |
Yarnman Core node | Yarnman Core node | | Message Bus Clustering |
Yarnman Core node | Yarnman Core node | TCP/1000 | Message Bus Clustering |
Certificates
From Yarnman Menu - Select "Certificates"
...