NOTE: This Knowledge Base item will be adjusted as more is learned about CBX. This DOES NOT supersede the existing network components but complements them. Ports are TCP unless noted.
In addition to the routes listed in the CU*Asterisk Network Requirements Knowledge Base item, self-processors must also route the following to CU*Answers:
-
- 63.236.240.89/32
- 10.10.1.0/24
Requirements for CBX:
CU*Answers requires any CBX environment to be in an isolated, sole-purposed DMZ to protect you from our network and to protect us from your network.
Any distributed environment requires a load balancer with sticky sessions to function properly. CU*Answers only supports F5 load balancers.
Our current recommended server sizing for self-processors (not partners) is 4 cores, 16GB RAM, but may need to be adjusted based on actual usage patterns.
Windows Server 2019 and associated licensing is required. At this time, no other OS is supported.
The self-processor network requirements for CBX are the following:
The current MX hub IP is: 10.149.96.231. (This should be routed to the CUA router or Firewall with VPN tunnel to CUA.)
The current Graylog IP is: 10.149.7.247. (This should be routed to the CUA router or Firewall with VPN tunnel to CUA.)
Web server IPs designated by end client config.
iSeries access for sessions
Source: CBX web server (at client)
Destination: Self Processor iSeries (at client)
Ports: ICMP, 21, 397 (TCP and UDP), 449, 515, 992, 6600-6671, 6800-6810, 8000-8020, 8470-8479, 9470-9476
NOTE: SSLDPI may break config. Recommended to exclude known source/destination pairs from SSLDPI.
Hub access for licensing and queries
Source: CBX Web Server (at client)
Destination: CBX Hub (at CUA)
Ports: 443, 1291-1299, 1433, 5432, 8080
NOTE: SSLDPI may break config. Recommended to exclude known source/destination pairs from SSLDPI.
Graylog access for extended agregated logging and tracking
Source: CBX Web Server (at client)
Destination: CUA Graylog (at CUA)
Ports: 443, 9000
NOTE: SSLDPI may break config. Recommended to exclude known source/destination pairs from SSLDPI.
Hub inbound MGMT
Source: CBX Hub (at CUA)
Destination: CBX Web Server (at client)
Ports: 443, 1291-1299, 5432, 8080
NOTE: SSLDPI may break config. Recommended to exclude known source/destination pairs from SSLDPI.
Updates, RMM, DNS
Source: CBX Web Servers
Destination: Internet (route over the internet, not to CUA)
Ports: (BOTH TCP and UDP): 53, 80, 443, 5721
NOTE: SSLDPI may break updates. Recommended to exclude windows updates, trend updates, cloudconnect.cuanswers.com and rmm.cuanswers.com from SSLDPI. 5721 can be locked down to destination of rmm.cuanswers.com and 6180 can be locked down to cloudconnect.cuanswers.com. Ports 53, 80 and 443 should not be locked down to specific hosts due to the dynamic nature of the server components.
Access to CBX
Source: Client machines (gold workstations)
Destination: CBX Web Server
Ports: 443
NOTE: SSLDPI may break config. Recommended to not SSLDPI incoming traffic unless sufficient testing has been completed to verify no affected functions.
Use Alerts to be notified when new information is added or changed in an individual answer or topic of information you care about. All Alert notifications sent in a single email once each day.
or you can subscribe to our RSS feed for this topic by clicking the link below
Subscribe
https://kb.cuanswers.com/cuanswers/ext/kbdetail.aspx?kbid=5581
Please enter your email address.
Please enter a valid email address.
Password not entered
Please choose a password composed of 6 to 20 varied letters, numbers and special characters, without whitespace characters or any of the following special characters: ' " / \ < >
The retype password must be the same as new password to confirm your password change. Please re-enter the retype password.
Creating a profile allows you to ask a question in a secure way and view a history of your past questions. If you have asked questions before, your profile was automatically created using the email address you provided.
 Your inquiry is being encrypted to protect your privacy.
|