On-prem Maestro to AP/SM ports for firewall

What ports are needed to allow an on-prem cnMaestro to communicate back and forth with AP/SMs?  I want to make sure the firewall doesn't block the traffic.  Thanks!

It appears that all communication from Maestro to the devices occurs over port 443, so for anyone on-prem you can turn the firewall on and restrict by IP (run commands as sudo or place in a shell script).  Replace the x.x.x.x with the computer/network that is accessing Maestro and y.y.y.y with the IP of Maestro.  Run this from the console rather than SSH so as not to lock yourself out of the SSH session.

# View current firewall rules and status of firewall

ufw status

# Start ufw (should enable on boot too)
ufw enable

# for ssh access
ufw allow from x.x.x.x to y.y.y.y port 22

# For web access
ufw allow from x.x.x.x to y.y.y.y port 443

# Restrict by network, if needed (fill in the cidr)

ufw allow from x.x.0.0/16 to y.y.y.y port 443

2 Likes
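An added example, not part of the original post or of any Cambium tooling: a dry-run helper that validates the addresses and prints the same kind of ufw rules with the allow rules ahead of `ufw enable`, so the output can be reviewed before it is run. The function names and sample addresses are hypothetical, and `proto tcp` plus a separate AP/SM source network on 443 are assumptions.

```shell
#!/bin/sh
# Added example: print (do not run) ufw commands for an on-prem cnMaestro host.

# valid_ipv4 ADDR: succeed only for a dotted-quad address with octets 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# valid_source SRC: accept a single IPv4 address or an IPv4 CIDR (prefix 0-32).
valid_source() {
    case $1 in
        */*) addr=${1%%/*}; prefix=${1#*/}
             printf '%s\n' "$prefix" | grep -Eq '^[0-9]{1,2}$' || return 1
             [ "$prefix" -le 32 ] || return 1 ;;
        *)   addr=$1 ;;
    esac
    valid_ipv4 "$addr"
}

# render_rules MAESTRO_IP ADMIN_SRC [DEVICE_SRC...]
# Allow rules are printed before "ufw enable" so the firewall never comes up
# without the SSH and 443 rules already in place.
render_rules() {
    [ "$#" -ge 2 ] || { echo "usage: render_rules MAESTRO ADMIN [DEVICE...]" >&2; return 1; }
    maestro=$1; admin=$2; shift 2
    valid_ipv4 "$maestro" || { echo "bad cnMaestro address: $maestro" >&2; return 1; }
    valid_source "$admin" || { echo "bad admin source: $admin" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "bad device source: $src" >&2; return 1; }
    done
    echo "ufw default deny incoming"
    # proto tcp is an assumption: SSH and HTTPS both run over TCP
    echo "ufw allow from $admin to $maestro port 22 proto tcp"
    echo "ufw allow from $admin to $maestro port 443 proto tcp"
    for src in "$@"; do
        echo "ufw allow from $src to $maestro port 443 proto tcp"
    done
    echo "ufw enable"
    echo "ufw status verbose"
}

# Constructed sample values: cnMaestro, one admin workstation, one AP/SM subnet.
render_rules 10.0.0.5 192.168.1.10 10.20.0.0/16
```

A malformed address or prefix makes `render_rules` fail before it prints anything, so a typo cannot turn into a partial rule set.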

That is correct.  The vast majority of traffic occurs over 443.  Depending on what features you require, some other ports may need to be opened.

From page 319 of the On-Premises user guide:

1 Like