https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161573#M36905 <P>Hi tyrone_owen,</P><P>&nbsp;</P><P>As mention before by <a href="https://community.netapp.com/t5/user/viewprofilepage/user-id/47696">@ttran</a>, port 749 is used for the kdc (kerberos) administration daemon.&nbsp;</P><P>&nbsp;</P><P data-unlink="true">Here is a link to the <A href="https://docs.netapp.com/us-en/occm/reference_networking_azure.html" target="_self">networking requirements for CVO in Azure</A> incase you were wondering all the ports that are used in the SG.</P><P>&nbsp;</P><P>Let us know if you have any additional questions regarding CVO in Azure or cloud in general</P><P>&nbsp;</P><P>Thanks</P> Fri, 27 Nov 2020 04:46:55 GMT darb0505 2020-11-27T04:46:55Z https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161493#M36887 <P>Hi,</P> <P>&nbsp;</P> <P>I've noticed that the default Network Security Group for CVO has an allowed incoming rule for Kerberos TCP 749. Can anyone articulate why this is please?</P> <P>&nbsp;</P> <P>Thanks</P> Wed, 04 Jun 2025 10:44:15 GMT https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161493#M36887 tyrone_owen_1 2025-06-04T10:44:15Z https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161566#M36902 <P>Hello Tyrone_owen_1,</P><P>&nbsp;</P><P>Port 749 is the default port used for the KDC administration daemon.</P><P>&nbsp;</P><P>&nbsp;</P><P>Regards,</P><P>&nbsp;</P><P>Team NetApp</P> Fri, 27 Nov 2020 02:49:47 GMT https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161566#M36902 ttran 2020-11-27T02:49:47Z https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161573#M36905 <P>Hi tyrone_owen,</P><P>&nbsp;</P><P>As mention before by <a href="https://community.netapp.com/t5/user/viewprofilepage/user-id/47696">@ttran</a>, port 749 is used for the kdc (kerberos) administration daemon.&nbsp;</P><P>&nbsp;</P><P data-unlink="true">Here is a link to the <A href="https://docs.netapp.com/us-en/occm/reference_networking_azure.html" target="_self">networking requirements for CVO in Azure</A> incase you were wondering all the ports that are used in the SG.</P><P>&nbsp;</P><P>Let us know if you have any additional questions regarding CVO in Azure or cloud in general</P><P>&nbsp;</P><P>Thanks</P> Fri, 27 Nov 2020 04:46:55 GMT https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161573#M36905 darb0505 2020-11-27T04:46:55Z https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161653#M36933 <P>Thanks</P><P>&nbsp;</P><P>Probably my ignorance but isn't that an outbound port?</P> Tue, 01 Dec 2020 08:53:13 GMT https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161653#M36933 tyrone_owen_1 2020-12-01T08:53:13Z https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161696#M36946 <P>It is both inbound and outbound.&nbsp; If you are using HA CVO then the inbound traffic will go through the Azure Load Balancer, which is why traffic from the Load Balancer should be open to any port/protocol.&nbsp;</P><P>&nbsp;</P><P>Let me know if you have any further questions.</P><P>&nbsp;</P><P>Thanks</P> Wed, 02 Dec 2020 06:42:42 GMT https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161696#M36946 darb0505 2020-12-02T06:42:42Z https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161697#M36947 <P>Just to be clear, it is possible for the KDC administration daemon to initiate&nbsp;<STRONG>inbound</STRONG> traffic over 749 to a CVO appliance? In what circumstances please?</P><P>&nbsp;</P><P>Thanks</P> Wed, 02 Dec 2020 09:00:03 GMT https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/161697#M36947 tyrone_owen_1 2020-12-02T09:00:03Z https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/162133#M37025 <P><SPAN>Cloud Manager creates AWS security groups that include the inbound and outbound rules that the Connector and Cloud Volumes ONTAP need to operate successfully.&nbsp;</SPAN><FONT size="3"><A href="https://docs.netapp.com/us-en/occm/reference_security_groups.html#rules-for-cloud-volumes-ontap" target="_self">Security group rules for AWS</A></FONT></P><P>&nbsp;</P><P>For more information please visit the below link.</P><P><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Cloud_Services/Cloud_Manager/Can_the_configuration_of_NetApp_HA_Mediator_Instance_External_Security_Groups__be_changed%3F" target="_self">Can the configuration of&nbsp;AWS External Security Groups for CVO be changed?</A></P> Tue, 15 Dec 2020 08:12:12 GMT https://community.netapp.com/t5/ONTAP-Discussions/CVO-in-Azure-NSG-Rules-Kerberos/m-p/162133#M37025 Mjizzini 2020-12-15T08:12:12Z