Required Communication Ports
Open ports and services that run on the Apstra server are listed in the table below. A running iptables instance ensures that network traffic to and from the Apstra server is restricted to the services listed.
Source | Destination | Protocol | Description |
---|---|---|---|
User workstation | Apstra Server | tcp/22 (ssh) | CLI access to Apstra server |
User workstation | Apstra Server | tcp/80 (http) | Redirects to tcp/443 (https) |
User workstation | Apstra Server | tcp/443 (https) | GUI and REST API |
Network Device for device agents | Apstra Server | tcp/80 (http) | Redirects to tcp/443 (https) |
Network Device or Off-box Agent | Apstra Server | tcp/443 (https) | Device agent installation and upgrade, Rest API |
Network Device or Off-box Agent | Apstra Server | tcp/29730-29739 | Agent binary protocol (Sysdb) |
ZTP Server | Apstra Server | tcp/443 (https) | Rest API for Device System Agent Install |
Apstra Server | Network Devices | tcp/22 (ssh) | Device agent installation and upgrade |
Off-box Agent | Network Devices | tcp/443 (https) tcp/9443 (nxapi) tcp/830 (for Junos) | Management from Off-box Agent |