HP Serviceguard Version A.11.17 Release Notes, March 2006 (revised)

Compatibility Information and Installation Requirements
Additional firewall rules are needed to allow Serviceguard commands to
be run from nodes outside the cluster, such as those listed in
cmclnodelist. To allow this, follow the guidelines below.
All nodes in the cluster must allow the following communications:
• from the remote nodes:
    tcp on ports 5302 - and allow only packets with the SYN flag
    udp on port 5302
• to the remote nodes:
    tcp and udp on port numbers 49152-65535
The remote nodes must allow the following communications:
• from the cluster nodes:
    tcp and udp on port numbers 49152-65535
• to the cluster nodes:
    tcp on ports 5302 - and allow only packets with the SYN flag
    udp on port 5302
Serviceguard also uses the "discard" port (9) for its network probing,
so this port must also be open, at least during configuration.
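The port matrix above, written out as firewall rules in an added example that is not part of the HP release notes. It assumes a stateful IPFilter host firewall (the notes name no firewall product), and the function names and peer addresses are constructed for illustration. The discard port is left out because the notes give no protocol or direction for it.

```shell
#!/bin/sh
# Added example (not HP's): print IPFilter-style rules for the port matrix above.
# Assumptions: a stateful IPFilter host firewall (the notes name no product);
# peer addresses are constructed documentation addresses.

SG_PORT=5302   # Serviceguard port given in the notes
EPH_LO=49151   # ipf's "><" range is exclusive, so these two
EPH_HI=65536   # bounds select ports 49152-65535

# "in" -> traffic from PEER to this host; "out" -> traffic from this host to PEER
_sg_ends() {
    if [ "$1" = in ]; then echo "from $2 to any"; else echo "from any to $2"; fi
}

# sg_ipf_rules ROLE PEER...
#   ROLE=cluster: run on a cluster node, PEERs are the remote nodes
#   ROLE=remote:  run on a remote node, PEERs are the cluster nodes
sg_ipf_rules() {
    role=${1-}; [ $# -eq 0 ] || shift
    case $role in
        cluster) svc_dir=in;  eph_dir=out ;;  # 5302 arrives, ephemeral ports leave
        remote)  svc_dir=out; eph_dir=in  ;;  # mirror image on the remote side
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    [ $# -gt 0 ] || { echo "no peers given" >&2; return 2; }
    # Validate every peer first so a bad entry never yields a partial rule set.
    for peer in "$@"; do
        case $peer in
            ''|*[!0-9.]*) echo "bad peer address: $peer" >&2; return 2 ;;
        esac
    done
    for peer in "$@"; do
        svc=$(_sg_ends "$svc_dir" "$peer")
        eph=$(_sg_ends "$eph_dir" "$peer")
        # "flags S keep state": only a SYN may open a flow; the state entry
        # then carries the rest of that connection.
        echo "pass $svc_dir quick proto tcp $svc port = $SG_PORT flags S keep state"
        echo "pass $svc_dir quick proto udp $svc port = $SG_PORT keep state"
        echo "pass $eph_dir quick proto tcp $eph port $EPH_LO >< $EPH_HI keep state"
        echo "pass $eph_dir quick proto udp $eph port $EPH_LO >< $EPH_HI keep state"
    done
}

# Constructed sample: rules for a cluster node with one remote node.
sg_ipf_rules cluster 192.0.2.10
```

Running the same function with the role `remote` and the cluster node addresses as peers produces the mirror-image rule set for the remote side.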
Cluster Object Manager (COM) nodes
If you are using a Cluster Object Manager (COM) on a node outside of
the cluster to provide connections to Serviceguard Manager or
Continental Clusters clients, follow these rules.
Each node in the cluster must allow the following communications:
• from the COM node:
    tcp on ports 5302 - and allow only packets with the SYN flag
    udp on port 5302
• to the COM node:
    tcp and udp on port numbers 49152-65535 from the cluster nodes
The node running the COM must allow the following communications: