ONTAP Discussions

Cluster access via firewall

bob_lansley

I'm in the process of deploying 2554s at two sites that for technical reasons stand on the "other" side of our Corporate firewall.

They are running 8.3RC1 and were set up internally before being re-IP'ed and shipped to site.

So far we've had to drill holes to get ssh access to the SPs and web access to the System Manager interface on the cluster itself. It seems likely that peering and autosupport transmission are also affected, as neither is working thus far.

In the case of peering, we set these up internally before shipping but have since changed the relevant IPs. cluster peer show indicates the peer cluster to be unavailable. cluster peer health shows "Data" as interface_reachable but "ICMP" as unreachable.

What I would like to know is if there is a known hit list along the lines of "These are the ports that need to be open on a firewall to allow full intercluster and remote administration access". As a minimum, what needs to be addressed for the peering and autosupport to be configured on the firewall?

Thank you for your time

Cheers,

Bob

4 REPLIES

ERICBLECKE

I don't have firewalls in place on my subnet - data is reachable but ICMP is not.

8.2.2P1 if that helps any

KSALINVILLE

Eric,

I'm seeing this same cluster peer health in my 8.2.3 setup. Were you able to resolve your issue? Currently, my clusters are peered and I have a vserver on each cluster that is peered to the other. I'm able to create data protection relationships, but not able to initialize them. When I run the initialize, I receive a network timeout error.

Thanks!
Kris

Amresh

What is the solution? Kindly provide it to me on an urgent basis.

KSALINVILLE

Amresh,

Sorry for the delayed reply. The fix in our case was that the provider hosting the dark fiber between sites was not passing the jumbo frames that we had configured at each of the endpoints.

Thanks!

Kris