Hosts and ports of cnMAESTRO

Hi, I need hosts and ports to be allowed in the firewall to permit ePMP and R200 cnMaestro onboarding.

Thanks a lot,

Michele Pietravalle

cnMaestro requires all managed devices to have Internet connectivity to over port 443. For software upgrade, outbound access to should also be allowed over ports 80 and 443.


Thanks. is on AWS. I think that it can change IP at every request. Do you have a subnet to be allowed? Thanks a lot,

best regards,

Michele Pietravalle

Yes, the IP addresses of our domain (and subdomains) are not static and will be allocated by our hosting provider. This means if you want to limit outbound access by IP, you will need a fairly extensive list of subnets. This is further complicated because the list is not yet complete -- though it should be more resolved later in January. If this is going to be a challenge, then our NOC (customer-hosted) release at the end of Q1 could be an alternative.


Do you know if the NOC version is free of charge or licensed?

Is it possible to migrate the configuration from cloud to NOC?


Michele Pietravalle

We are still finalizing some of the details for the customer-hosted version; however, we do plan to allow users to transfer configuration between cloud and NOC.

What about for the on-premise deployment of maestro? What ports need to be used internally? Only HTTP 80 and HTTPS 443? Do we need SNMP, SSH, et cetera??

For cnMaestro On-Premises the required ports are 80 (for software image download) and 443.


1. I want to allow certain IPs to access cnMaestro on-premise or cloud.


1. You said I need to open ports 80 and 443.

Can I do that using the built-in ACL, or do I need an external firewall to do that?

2. Let's say I only allow ports 80 and 443 from 1 IP.

What ports need to be opened in order for the AP to connect to on-premise cnMaestro?



You need to open the ports on the firewall which is facing the internet for cnMaestro cloud.

The AP uses ports 80 and 443 even for on-premise cnMaestro.

Best Regards,

Gupta Bobby