SteelFusion Core behind firewall -- Best Practices

Categories:

Principal Article, SteelFusion Core

Solution Number:

S27500

Last Modified:

2017-05-05

Issue

SteelFusion Core behind firewall. What are the requirements and best Practices?

Solution

Details:

Requirement:

1. Firewall Ports 22,443,25, 7970,7990, 7950, 7951, 7952, 7953,and 7954 must be open.

2. Virus scanning, deep packet inspection (IDS) and other features that scan the traffic SHOULD be turned OFF

FAQ:

Q: If virus scanning and packet inspection are turned off SAN LUN can be infected with viruses, how to deal with this?

A: Virus scanning software must be installed on Servers that are using the LUNs and Clients that are writing to the LUN. In case virus got into LUN hosted by SF Edge, devices like Firewalls and virus scanners should not prevent Edge device to commit the data (which is written by an infected client) to SAN. If Edge is prevented to commit this data whole commit chain will be stuck leading to Edge blockstore getting full and LUNs getting deactivated.

Q:What is src ip address we should use for firewall rules?

A: We recommend to add all the interface IPs of Edge devices including inpath IPs. If Edge HA is used, please add IP addresses of standby Edge also

Related Bugs

Attachments

Related Files

NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.

Can't find an answer? Create a case