Cisco Support Community

Tech Tip: Firewall between CVP Call Server & OAMP Server

Requirement:

Our customer has a firewall sitting between one of the CVP Call Servers and the Ops Console, which are running CVP 7.0.2 ES2, ES22, ES27, ES33. We have followed the Port utilisation guide to insert firewall rules; however, we can see that there are some undocumented ports being used from the Ops Console to the CVP server. The ports seem to be related to checking the status, as it allows the server to be saved and deployed but specifies its status as unreachable. The ports in question we have found so far are 1401 and 1402. Could you please investigate and identify if there are any more ports I should be aware of that we will need to open?

Solution / Advice:

"CVP OAMP component across firewall zones is not a supported deployment, for example, OAMP Server being outside of firewall and rest of the CVP components behind the firewall is not supported"

The reason is that CVP OAMP uses undocumented dynamic ports for communication. Because the ports are assigned dynamically, there is currently no way to specify a port range for firewall rules.

CVP 8 SRND contents: Unified CVP Operations Console Server uses dynamic ports for communication with other components, therefore it cannot be deployed outside of a firewall while the rest of the Unified CVP components reside inside the firewall.
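The failure mode described above can be checked from the firewall's own deny log. The following is an added example, not Cisco code or part of the original tip: it lists denied Ops Console to Call Server destination ports that are missing from the documented set, and shows which ports a static rule built from one day's observations would miss. The host addresses, log layout, sample records and `DOCUMENTED_PORTS` values are constructed placeholders.

```python
import re
from collections import Counter

# Assumptions (not from the page): addresses, log layout and documented ports
# are constructed. Fill DOCUMENTED_PORTS from the Port Utilization guide.
OAMP = "192.0.2.10"                # Ops Console (OAMP) server, constructed
CALL_SERVER = "192.0.2.20"         # CVP Call Server, constructed
DOCUMENTED_PORTS = {10001, 10002}  # placeholder values only

# Constructed firewall records in a generic key=value layout.
SAMPLE_LOG = """\
2011-04-08T10:00:01 action=deny proto=tcp src=192.0.2.10 spt=51515 dst=192.0.2.20 dpt=1401
2011-04-08T10:00:02 action=deny proto=tcp src=192.0.2.10 spt=51516 dst=192.0.2.20 dpt=1402
2011-04-08T10:00:05 action=deny proto=tcp src=192.0.2.10 spt=51517 dst=192.0.2.20 dpt=1401
2011-04-08T10:00:07 action=allow proto=tcp src=192.0.2.10 spt=51518 dst=192.0.2.20 dpt=10001
2011-04-08T10:00:09 action=deny proto=tcp src=192.0.2.99 spt=40000 dst=192.0.2.20 dpt=3389
2011-04-09T09:30:00 action=deny proto=tcp src=192.0.2.10 spt=51600 dst=192.0.2.20 dpt=1417
2011-04-09T09:30:04 action=deny proto=tcp src=192.0.2.10 spt=51601 dst=192.0.2.20 dpt=bad
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def undocumented_ports(log_text, src, dst, documented):
    """Count denied TCP destination ports on src->dst that are not documented."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = dict(FIELD.findall(line))
        if rec.get("action") != "deny" or rec.get("proto") != "tcp":
            continue
        if rec.get("src") != src or rec.get("dst") != dst:
            continue
        dpt = rec.get("dpt", "")  # malformed port fields are skipped, not guessed
        if dpt.isdigit() and int(dpt) not in documented:
            hits[int(dpt)] += 1
    return hits

def ports_by_day(log_text, src, dst, documented):
    """Group undocumented ports by log date (first 10 characters of each line)."""
    days = {}
    for line in log_text.splitlines():
        for port in undocumented_ports(line, src, dst, documented):
            days.setdefault(line[:10], set()).add(port)
    return days

def missed_by_static_rule(days, rule_day):
    """Ports seen on other days that a rule built from rule_day would not cover."""
    later = set().union(*(p for d, p in days.items() if d != rule_day))
    return later - days.get(rule_day, set())

if __name__ == "__main__":
    print(missed_by_static_rule(ports_by_day(SAMPLE_LOG, OAMP, CALL_SERVER, DOCUMENTED_PORTS), "2011-04-08"))
```

A non-empty result from `missed_by_static_rule` on real logs is the signal that opening the individually observed ports will not keep the status check working.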

Version history: Revision 1 of 1. Last update: 04-09-2011 08:23 AM
Comments
Hi,

From my point of view, it is also interesting to add this piece of information in the port utilization guide (not only on the SRND).

When dealing with firewall rules, we probably go directly to the port utilization guide.

Regards,

Lotfi.