2014-12-18 01:19 AM
I'm in the process of deploying 2554's at two sites that for technical reasons stand on the "other" side of our Corporate firewall.
They are running 8.3RC1 and were setup internally before being re-IP'ed and shipped to site.
So far we've had to drill holes to get ssh access to the SP's and web access to the System Manager interface on the cluster itself. It seems likely that peering and autosupport transmission is also affected as neither are working thusfar.
In the case of peering we set these up internally before shipping but having changed the relevent IP's. cluster peer show indicates the peer cluster to be unavailable. cluster peer health shows "Data" as interface_reachable but "ICMP" as unreachable.
What I would like to know is if there is a known hit list along the lines of "These are the ports that need to be open on a firewall to allow full intercluster and remote administartion acces". As a minimum what needs to be addressed for the peering and autosupport to be configured on the firewall?
Thank you for your time
2015-03-10 02:28 PM
2016-02-29 09:25 PM
Sorry for the delayed reply. The fix in our case was that the provider hosting the dark fiber between sites was not passing the jumbo frames that we had configured at each of the endpoints.