Configuring Firewalls

Before deploying CloudBlue Commerce with the WebHosting Plesk module and its service nodes, make sure that any firewalls on the management node and service nodes do not block incoming and outgoing connections on the ports listed in the following tables.

Important: The network address translation mechanism implemented by CloudBlue Commerce (see Operations Provider's Guide > Managing Hardware Nodes > NAT Support for CloudBlue Commerce Services) is not supported. Do not use it.

Internal Outgoing Connections

Centralized database server node (MySQL or PostgreSQL)

| From | To | Protocol | Port |
|---|---|---|---|
| Service Node – BackNet NIC | DNS Resolver Server – BackNet NIC | TCP, UDP | 53 (DNS server) |
| Service Node – BackNet NIC | External Native Repositories and the CBC Central repository (YUM repositories) – BackNet NIC | TCP | Custom port range. Note: The destination hosts and ports may vary depending on YUM repositories. The default port is 80. |
| Service Node – BackNet NIC | CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | TCP | 8352-8500 (except for 8440), 80, 16384 – for CloudBlue Commerce Management Node on Linux (LINMN) |

Websites Manager node

| From | To | Protocol | Port |
|---|---|---|---|
| WebHosting Plesk Websites Manager Node – BackNet NIC | DNS Resolver Server – BackNet NIC | TCP, UDP | 53 (DNS server) |
| WebHosting Plesk Websites Manager Node – BackNet NIC | External native repositories and the CloudBlue Commerce Central repository (YUM repositories) – BackNet NIC | TCP | Custom port range. Note: The destination hosts and ports may vary depending on YUM repositories. The default port is 80. |
| WebHosting Plesk Websites Manager Node – BackNet NIC | CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | TCP | 8352-8500 (except 8440), 80, 16384 |
| WebHosting Plesk Websites Manager Node – BackNet NIC | CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | TCP | 6308 (APS controller) |
| WebHosting Plesk Websites Manager Node – BackNet NIC | Apache-based and IIS-based web hosting service nodes – BackNet NIC | TCP | 6300 (WebHosting Plesk web application endpoint) |

UI node

| From | To | Protocol | Port |
|---|---|---|---|
| UI node – BackNet NIC | Plesk-based service node – BackNet NIC | TCP | 8443 |

Apache-based web hosting service node

| From | To | Protocol | Port |
|---|---|---|---|
| Apache-based web hosting service node – BackNet NIC | DNS resolver server – BackNet NIC | TCP, UDP | 53 (DNS server) |
| Apache-based web hosting service node – BackNet NIC | External native repositories and the CBC Central repository (YUM repositories) – BackNet NIC | TCP | Custom port range. Note: The destination hosts and ports may vary depending on YUM repositories. The default port is 80. |
| Apache-based web hosting service node – BackNet NIC | CloudBlue Commerce management node on Linux (LINMN) – BackNet NIC | TCP | 8352-8500 (except 8440), 80, 16384 – for CloudBlue Commerce management node on Linux (LINMN) |
| Apache-based web hosting service node – BackNet NIC | Centralized MySQL server node – BackNet NIC | TCP | 3306 (MySQL) |
| Apache-based web hosting service node – BackNet NIC | Centralized PostgreSQL server node – BackNet NIC | TCP | 5432 (PostgreSQL) |

IIS-based web hosting service node

| From | To | Protocol | Port |
|---|---|---|---|
| IIS-based web hosting service node – BackNet NIC | DNS resolver server – BackNet NIC | TCP, UDP | 53 (DNS server) |
| IIS-based web hosting service node – BackNet NIC | CloudBlue Commerce management node on Linux (LINMN) – BackNet NIC | TCP | 8352-8500 (except 8440), 80, 16384 – for CloudBlue Commerce management node on Linux (LINMN) |
| IIS-based web hosting service node – BackNet NIC | Centralized MySQL server node – BackNet NIC | TCP | 3306 (MySQL) |
| IIS-based web hosting service node – BackNet NIC | Centralized PostgreSQL server node – BackNet NIC | TCP | 5432 (PostgreSQL) |

Internal Incoming Connections

Websites Manager node

| From | To | Protocol | Port |
|---|---|---|---|
| CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | WebHosting Plesk Websites Manager Node – BackNet NIC | TCP | 22 (SSH) |
| CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | WebHosting Plesk Websites Manager Node – BackNet NIC | TCP | 8352-8500 (except 8440) |
| Apache-based and IIS-based web hosting service nodes | WebHosting Plesk Websites Manager Node – BackNet NIC | TCP | 8352-8500 (except 8440) |
| CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | WebHosting Plesk Websites Manager Node – BackNet NIC | TCP | 6301 |

Centralized MySQL server node

| From | To | Protocol | Port |
|---|---|---|---|
| CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | Centralized MySQL server node – BackNet NIC | TCP | 8352-8500 (except 8440) |
| CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | Centralized MySQL server node – BackNet NIC | TCP | 22 (SSH) |
| Apache-based web hosting service nodes – BackNet NIC | Centralized MySQL server node – BackNet NIC | TCP | 3306 (MySQL) |
| IIS-based web hosting service nodes – BackNet NIC | Centralized MySQL server node – BackNet NIC | TCP | 3306 (MySQL) |
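
The Centralized MySQL server node table above, written out as iptables rules with everything else on BackNet dropped (an added example, not CloudBlue's own configuration). The interface name and all IP addresses are assumed placeholders; "8352-8500 (except 8440)" has to become two ranges. The script only prints the rules so they can be reviewed before being applied.

```sh
#!/bin/sh
# Added example: prints iptables rules for the "Centralized MySQL server node"
# table under Internal Incoming Connections. Nothing is applied; review the
# output, then run it as root.
# Assumptions (not from the page): the interface name and every address below.

BACKNET_IF="eth1"                    # assumed name of the BackNet NIC
LINMN_IP="10.0.0.10"                 # assumed address of the management node (LINMN)
WEB_NODE_IPS="10.0.0.21 10.0.0.22"   # assumed Apache-based and IIS-based web hosting nodes

# iptables cannot exclude one port inside a range, so the page's
# "8352-8500 (except 8440)" is split around the excluded port.
LINMN_PORTS="8352:8439,8441:8500"

mysql_node_rules() {
    # Replies to connections this node opened itself (DNS, YUM, LINMN in the
    # outgoing table) must still get back in once the final DROP is in place.
    echo "iptables -A INPUT -i $BACKNET_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # From LINMN only: the 8352-8500 range without 8440, plus SSH.
    echo "iptables -A INPUT -i $BACKNET_IF -p tcp -s $LINMN_IP -m multiport --dports $LINMN_PORTS,22 -j ACCEPT"

    # From each web hosting service node: MySQL and nothing else.
    for ip in $WEB_NODE_IPS; do
        echo "iptables -A INPUT -i $BACKNET_IF -p tcp -s $ip --dport 3306 -j ACCEPT"
    done

    # Any other source or port arriving on the BackNet NIC is dropped.
    echo "iptables -A INPUT -i $BACKNET_IF -j DROP"
}

mysql_node_rules
```
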

Centralized PostgreSQL server node

| From | To | Protocol | Port |
|---|---|---|---|
| CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | Centralized PostgreSQL server node – BackNet NIC | TCP | 8352-8500 (except 8440) |
| CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | Centralized PostgreSQL server node – BackNet NIC | TCP | 22 (SSH) |
| Apache-based web hosting service nodes – BackNet NIC | Centralized PostgreSQL server node – BackNet NIC | TCP | 5432 (PostgreSQL) |

Centralized or shared Microsoft SQL Server node

| From | To | Protocol | Port |
|---|---|---|---|
| Apache-based or IIS-based web hosting service nodes – BackNet NIC | Microsoft SQL Server node – BackNet NIC | TCP, UDP | If using the default instance on the Microsoft SQL Server node, open TCP port 1433. If using named instances on the Microsoft SQL Server node, open UDP port 1434 and the range of dynamic TCP ports as configured by the database server administrator. If using the default instance and named instances at the same time, open TCP port 1433, UDP port 1434, and the range of dynamic TCP ports as configured by the database server administrator. |

Apache-based web hosting service node

| From | To | Protocol | Port |
|---|---|---|---|
| CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | Apache-based web hosting service node – BackNet NIC | TCP | 8352-8500 (except 8440) |
| CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | Apache-based web hosting service node – BackNet NIC | TCP | 22 (SSH) |
| Websites Manager node – BackNet NIC | Apache-based web hosting service node – BackNet NIC | TCP | 6300 (WebHosting Plesk web application endpoint) |

IIS-based web hosting service node

| From | To | Protocol | Port |
|---|---|---|---|
| CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | IIS-based web hosting service node – BackNet NIC | TCP | 8352-8500 (except 8440) |
| CloudBlue Commerce Management Node on Linux (LINMN) – BackNet NIC | IIS-based web hosting service node – BackNet NIC | TCP | 5985 |
| Websites Manager node – BackNet NIC | IIS-based web hosting service node – BackNet NIC | TCP | 6300 (WebHosting Plesk web application endpoint) |

For External Incoming Connections

Apache-based web hosting service node

| From | To | Protocol | Port |
|---|---|---|---|
| Public network | Apache-based web hosting service node – FrontNet NIC | TCP | 8880, 8443 (Customer Panel) |
| Public network | Apache-based web hosting service node – FrontNet NIC | TCP | 80, 443 (Web) |
| Public network | Apache-based web hosting service node – FrontNet NIC | TCP | 21 (FTP) |
| Public network | Apache-based web hosting service node – FrontNet NIC | TCP | 22 (SSH) |
| Public network | Apache-based web hosting service node – FrontNet NIC | TCP | 25, 465 (SMTP) |
| Public network | Apache-based web hosting service node – FrontNet NIC | TCP | 110, 995 (POP3) |
| Public network | Apache-based web hosting service node – FrontNet NIC | TCP | 143, 993 (IMAP) |
| Public network | Apache-based web hosting service node – FrontNet NIC | TCP | 3306 (MySQL) |
| Public network | Apache-based web hosting service node – FrontNet NIC | TCP | 5432 (PostgreSQL) |
| Public network | Apache-based web hosting service node – FrontNet NIC | TCP | 5224 (Licensing server connections) |
| Public network | Apache-based web hosting service node – FrontNet NIC | TCP | 8447 (Plesk Installer Web Interface) |

IIS-based web hosting service node

| From | To | Protocol | Port |
|---|---|---|---|
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 8443 (Customer Panel) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP, UDP | UDP 137, UDP 138, TCP 139, TCP 445 (file sharing on Windows networks) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 80, 443 (Web) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 21 (FTP) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 22 (SSH) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 25, 465 (SMTP) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 110, 995 (POP3) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 143, 993 (IMAP) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 106 (Mail password change service) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 3306 (MySQL) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 1433 (MS SQL Server) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 5432 (PostgreSQL) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 5224 (Licensing server connections) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP, UDP | 53 (DNS server) |
| Public network | IIS-based web hosting service node – FrontNet NIC | TCP | 8447 (Plesk Installer Web Interface) |