
HA TCP Port 5671


Hello All,

I am working on a large-scale design with multiple APEs, all with HA, and the following description has got me slightly confused.

5671, TCP, SolarWinds High Availability, bidirectional

Port 5671 must be open into the HA pool with the main Orion server from all Orion servers. Traffic is encrypted using TLS 1.2.

I am building firewall rules for the environment and this description doesn't clarify which devices use this port. Does this mean that each of the pool members in an HA pair needs to communicate with each other on this port? Does it mean that the primary server needs to communicate with each of the pool members of any HA APE pool? Can anyone add any context?

Thanks

David

- David Smith

Product Manager

5671 (TCP) is used for SSL-encrypted RabbitMQ messaging between the primary & secondary Orion servers, as well as any additional polling engines.


Thanks aLTeReGo, just to clarify

Orion Primary <> Orion Standby (HA WAN)
Orion Primary <> APE (Primary)
Orion Primary <> APE (Standby)

Orion Standby <> APE (HA Primary)
Orion Standby <> APE (HA Standby)

Does it need to point to the VIP or the pool IP directly?

- David Smith

That is correct, sir. It should be the IPs of the individual members if you're defining only the destination IP address in your access control lists. If you are also defining the source IP, then you will need to include the VIP as well as a potential source.


Thanks, we do want to include the VIP as a source, as it has been given an appropriate IP to ensure polling from the VIP, but I wasn't sure if this port was needed between the two pool members of an HA pair or just from each pool member to the VIP of other pool members?

- David Smith

It is not required between individual APEs in a pool, but it is required from each APE pool member to both main Orion servers if they're participating in an HA pool.

If it's easier to understand excluding HA from the equation, all APEs must have this port open to the main Orion server. If they're in an HA pool, then that means both members of the HA pool must have this port open to the main Orion server. If the main Orion server is in an HA pool, then both members of that main HA pool must have this port open also, in addition to any APEs.


Excellent, thank you for the clarification.

Sorry, but are you able to confirm if that's the same for the new Cortex service on port 17799?

- David Smith

TCP Port 17799 communicates exclusively through localhost. It does not need to be opened externally to any network hosts.

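The rule set this thread arrives at, worked through as an added example (not SolarWinds code and not posted by anyone in the thread): it builds the 5671/TCP allow list for a main HA pool plus APE pools and audits a proposed ACL against it. The IP addresses are constructed documentation-range values, the function names are hypothetical, and "bidirectional" is modelled as one allow rule per direction, with VIPs appearing only as sources.

```python
from itertools import product

HA_PORT = 5671       # RabbitMQ messaging over TLS, per the thread
CORTEX_PORT = 17799  # localhost only, per the thread: never an ACL entry

# Constructed topology (documentation-range IPs, not from the thread).
MAIN = {"members": ["192.0.2.10", "192.0.2.11"], "vip": "192.0.2.12"}
APE_POOLS = [
    {"members": ["198.51.100.20", "198.51.100.21"], "vip": "198.51.100.22"},
    {"members": ["203.0.113.30"], "vip": None},  # standalone APE, no HA
]

def sources(pool):
    """Member IPs plus the pool VIP, which may appear as a source address."""
    return pool["members"] + ([pool["vip"]] if pool["vip"] else [])

def required_rules(main, ape_pools):
    """Return the set of (src, dst, port) flows needed for port 5671."""
    rules = set()
    # Main pool: primary <> standby, destinations are member IPs only.
    for src, dst in product(sources(main), main["members"]):
        if src != dst:
            rules.add((src, dst, HA_PORT))
    # Every APE member <> every main member; nothing between APE members.
    for pool in ape_pools:
        for src, dst in product(sources(pool), main["members"]):
            rules.add((src, dst, HA_PORT))
        for src, dst in product(sources(main), pool["members"]):
            rules.add((src, dst, HA_PORT))
    return rules

def audit(proposed, main, ape_pools):
    """Compare a proposed ACL with the required set: (missing, unneeded)."""
    needed = required_rules(main, ape_pools)
    proposed = set(proposed)
    return needed - proposed, proposed - needed

if __name__ == "__main__":
    for src, dst, port in sorted(required_rules(MAIN, APE_POOLS)):
        print(f"permit tcp {src} -> {dst} port {port}")
```

Anything `audit` reports as unneeded, such as 5671 between the two members of an APE pool or any inter-host rule for 17799, can be dropped from the ACL.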