Firewall requirements

Firewall Setup

VNS3 Controller instances use the following TCP and UDP ports:

  • UDP port 1194 - For client VPN connections; must be accessible from all servers that will join VNS3 topology as clients.

  • UDP ports 1195-1203* - For tunnels between Controller peers; must be accessible from all peers in a given topology.

  • TCP port 8000 - HTTPS admin interface; must be accessible from the hosts from which you will obtain runtime status or configure peering. It also needs to be open to and from the Controllers, at least during the peering process, and needs to be accessible when downloading credentials for installation on overlay network clients.

  • UDP port 500 - Used for the phase 1 or IKE (Internet Key Exchange) component of an IPsec VPN connection.

  • IP protocol 50 (ESP) - Used for the phase 2 or ESP (Encapsulating Security Payload) component of an IPsec VPN connection, only when negotiating with native IPsec. ESP is an IP protocol rather than a TCP/UDP port, so it must be allowed by protocol number; a port-based rule will not admit it.

  • UDP port 4500** - Used for the phase 2 or ESP (Encapsulating Security Payload) component of an IPsec VPN connection when using NAT-Traversal encapsulation.

* VNS3:vpn and VNS3:net Lite Edition will not require UDP ports 1195-1197 access, as they are not licensed for Controller Peering.
** Some public cloud providers require IPsec connections to use NAT-Traversal encapsulation on UDP port 4500.
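The port list above is easy to get subtly wrong in practice: the peering range is a span rather than a single port, native ESP is a protocol rather than a port, and TCP 8000 is often opened to the whole internet when only administrators and peer Controllers need it. The following script is an added example, not Cohesive Networks' tooling: it builds the required inbound rules from the list above for a given set of source ranges, renders them as iptables commands, and audits a snapshot of what a firewall or security group currently allows, reporting required rules that are missing and any rule that exposes the admin interface to any source. The `Rule`, `required_rules`, `to_iptables` and `audit` names, the sample CIDRs, and the `peering=False` switch used to model a deployment without Controller Peering are all assumptions made for this example.

```python
"""
Firewall rule generator and audit for a VNS3 Controller, built from the port
list on this page. Added example, not Cohesive Networks' own tooling.
The CIDRs passed in and the 'present' rules below are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    proto: str      # "udp", "tcp" or "esp" (IP protocol 50 carries no port)
    port_lo: int    # 0 for esp
    port_hi: int    # 0 for esp
    source: str     # CIDR permitted to reach the Controller
    purpose: str


def required_rules(client_cidr: str, peer_cidr: str, admin_cidr: str,
                   ipsec_peer_cidr: str, peering: bool = True,
                   nat_t: bool = True) -> List[Rule]:
    """Inbound rules a Controller needs. peering=False models a deployment
    without Controller Peering (assumption for the Lite editions noted above);
    nat_t selects UDP 4500 (NAT-Traversal) versus native ESP, IP protocol 50."""
    rules = [Rule("udp", 1194, 1194, client_cidr, "client VPN connections")]
    if peering:
        rules.append(Rule("udp", 1195, 1203, peer_cidr, "tunnels between Controller peers"))
    rules.append(Rule("tcp", 8000, 8000, admin_cidr, "HTTPS admin interface"))
    if peering:
        # Peers reach each other's admin interface during the peering process.
        rules.append(Rule("tcp", 8000, 8000, peer_cidr, "HTTPS admin interface (peering)"))
    rules.append(Rule("udp", 500, 500, ipsec_peer_cidr, "IPsec phase 1 (IKE)"))
    if nat_t:
        rules.append(Rule("udp", 4500, 4500, ipsec_peer_cidr, "IPsec phase 2 (ESP over NAT-T)"))
    else:
        rules.append(Rule("esp", 0, 0, ipsec_peer_cidr, "IPsec phase 2 (native ESP, protocol 50)"))
    return rules


def to_iptables(rules: List[Rule], chain: str = "INPUT") -> List[str]:
    """Render rules as iptables commands (assumes a default-deny INPUT policy)."""
    lines = []
    for r in rules:
        if r.proto == "esp":
            # ESP is matched by protocol, not port: a --dport rule cannot admit it.
            lines.append(f"iptables -A {chain} -p esp -s {r.source} -j ACCEPT  # {r.purpose}")
        else:
            ports = str(r.port_lo) if r.port_lo == r.port_hi else f"{r.port_lo}:{r.port_hi}"
            lines.append(f"iptables -A {chain} -p {r.proto} -s {r.source} "
                         f"--dport {ports} -j ACCEPT  # {r.purpose}")
    return lines


def _covers(present: Rule, req: Rule) -> bool:
    """True if an existing rule admits everything a required rule needs."""
    if present.proto != req.proto:
        return False
    if not (present.port_lo <= req.port_lo and present.port_hi >= req.port_hi):
        return False
    return ipaddress.ip_network(req.source, strict=False).subnet_of(
        ipaddress.ip_network(present.source, strict=False))


def audit(required: List[Rule], present: List[Rule]) -> Tuple[List[Rule], List[Rule]]:
    """Return (missing, overbroad): required rules nothing in 'present' covers,
    and present rules that expose the admin interface (TCP 8000) to any source."""
    missing = [req for req in required if not any(_covers(p, req) for p in present)]
    overbroad = [p for p in present
                 if p.proto == "tcp" and p.port_lo <= 8000 <= p.port_hi
                 and ipaddress.ip_network(p.source, strict=False).prefixlen == 0]
    return missing, overbroad


if __name__ == "__main__":
    # Constructed sample CIDRs (documentation ranges), not a real deployment.
    required = required_rules(client_cidr="10.0.0.0/16", peer_cidr="10.1.0.0/24",
                              admin_cidr="203.0.113.0/24", ipsec_peer_cidr="198.51.100.7/32")
    print("\n".join(to_iptables(required)))
    # Constructed snapshot of what a security group currently allows.
    present = [Rule("udp", 1194, 1194, "10.0.0.0/16", "existing"),
               Rule("tcp", 8000, 8000, "0.0.0.0/0", "existing"),
               Rule("udp", 500, 500, "198.51.100.7/32", "existing")]
    missing, overbroad = audit(required, present)
    for r in missing:
        print(f"MISSING: {r.proto} {r.port_lo}-{r.port_hi} from {r.source} ({r.purpose})")
    for r in overbroad:
        print(f"OVERBROAD: tcp 8000 open to {r.source}; restrict to admin and peer ranges")
```

Run with the constructed snapshot, the audit reports the peering range and UDP 4500 as missing and flags the world-open TCP 8000 rule; switching `nat_t=False` swaps the UDP 4500 rule for a protocol-50 rule, which is the case where a port-only security group silently breaks phase 2.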