Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

the cisco Onplus cloud services IP address

Hi,

I did implemented the Cisco Onplus on customer sites, everything works fine. However, customer want to tight the security policy.

Currently, the extra communition from Onplus to external is only targeted to one IP address 216.227.195.156, which is obviously the Onplus cloud services.

Question:

Can I just allow Onplus to talk to this IP address on firewall policy; or will this public IP address be solid unchange for Onplus cloud service?

Alternatively can I limit the IP addresses for Onplus outgoing traffic?

Thank you in advance.

Everyone's tags (2)
2 REPLIES
New Member

the cisco Onplus cloud services IP address

You can't really depend on 216.227.195.156 not changing.  Our system redundancy typically will not trigger a change during a failover incident, but there are certainly scenarios where the service may have to be recovered to an entirely different IP address allocation.

In addition, we do periodically migrate sites as we add portal locations.  This is typically done when a new location is activated in our system that is topologically closer to the partner.  Improving network proximity can significantly improve performance, especially with the remote connection facility.

It appears you are located in Australia, and as it happens we anticpate such a migration for Australian sites, altough I don't believe this has been scheduled yet.

There are also other addresses the appliance may need to access, although it will do so rarely.  When the device does a factory reset, it will access our failsafe server.  It also accesses a server periodically to check for certificate updates.

Andy

Cisco Employee

the cisco Onplus cloud services IP address

The recommended path is to set the ON100 to a static IP address (which can be done via web tunnel to the ON100 via the portal even after activation), and to whitelist the ON100's static IP address inside the customer's firewall - or at least for the required ports. See this thread for a listing of the ports that must be allowed to initiate outward traffic from the ON100 agent:

https://supportforums.cisco.com/message/3433573#3433573

The ports are also listed in the OnPlus User Guide and also the Installation Guide, which you can find in the Documents tab at the top of this OnPlus Service community discussions page. You can also access this document via logging into the OnPlus portal and clicking Documentation at the top right (search for 14931).

-mike

375
Views
0
Helpful
2
Replies
CreatePlease login to create content