The entire list of firewall rules that need to be configured to support every permutation of Cloud Foundation on VxRail is extensive, and is out of scope for this guide. As part of delivery engagement, Dell professional services will work with a customer’s network administrators to identify all firewall rules that need to be configured before starting a Cloud Foundation on VxRail deployment.
Depending on your company’s security policies, if a firewall or firewall rules are in place between Cloud Foundation on VxRail VLANs (for example, between the management network of the Management Domain and a VI Workload Domain), then an extensive list of ports must be opened. You can research the list at https://ports.vmware.com/home. For simplicity’s sake, an any-any trust rule between any of these pairs of subnets is the most practical option.
The following basic firewall rules must be in place: