SteelFusion Core behind firewall. What are the requirements and best Practices?
SteelFusion Core behind firewall. What are the requirements and best Practices?
Details:
Requirement:
1. Firewall Ports 22,443,25, 7970,7990, 7950, 7951, 7952, 7953,and 7954 must be open.
2. Virus scanning, deep packet inspection (IDS) and other features that scan the traffic SHOULD be turned OFF
FAQ:
Q: If virus scanning and packet inspection are turned off SAN LUN can be infected with viruses, how to deal with this?
A: Virus scanning software must be installed on Servers that are using the LUNs and Clients that are writing to the LUN. In case virus got into LUN hosted by SF Edge, devices like Firewalls and virus scanners should not prevent Edge device to commit the data (which is written by an infected client) to SAN. If Edge is prevented to commit this data whole commit chain will be stuck leading to Edge blockstore getting full and LUNs getting deactivated.
Q:What is src ip address we should use for firewall rules?
A: We recommend to add all the interface IPs of Edge devices including inpath IPs. If Edge HA is used, please add IP addresses of standby Edge also