Network Connectivity and Firewall Requirements
DC Assurance requires specific outbound and inbound network connectivity from your Apstra VM and Flow server to cloud services and internal systems. Your network and security teams must configure firewall rules to permit traffic on these ports and to the required endpoints.
The following table summarises the critical ports and services required:
| Direction | Portal Name | Port | Description |
|---|---|---|---|
| Outbound | DC Assurance Portal | TCP 443 | Access to dc.ai.juniper.net |
| Outbound | Apstra Edge to Cloud | TCP 443 | Connection to ep-term.ai.juniper.net |
| Outbound | Apstra Edge to Apstra Controller | TCP 443 | Retrieve blueprints and anomalies |
| Outbound | Apstra Edge to OpenSearch | TCP 9200 | Query sFlow and analytics data |
| Outbound | vCenter API (if configured) | TCP 443 | Query VM inventory data |
For the complete and up-to-date port configuration, refer to the Juniper documentation at Configure Ports.
Note:
AWS S3 bucket access uses dynamic IP addresses. Configure firewall rules using FQDN-based rules rather than IP-based rules where possible. This ensures your rules automatically track IP address changes without requiring ongoing maintenance.