Container Firewall rules

If you are using agent version 11.2 or later to protect containers that use an overlay network, you may need to add Firewall rules that allow network traffic for the Swarm or Kubernetes services, because the default Firewall rules block that traffic.

Kubernetes Firewall rules

If you are using Kubernetes, add the following rules to let Kubernetes communication traffic and export service traffic through the Firewall:

| Name | Action Type | Priority | Direction | Frame Type | Protocol | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|---|---|---|---|---|
| HTTP incoming TCP 80 destination port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | N/A | Any | 80 |
| HTTP outgoing TCP 80 source port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 80 | Any | Any |
| K8s incoming TCP 10054 port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 10054 |
| K8s outgoing TCP 10054 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 10054 |
| K8s outgoing TCP 443 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 443 |
| K8s outgoing TCP 6443 port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 6443 |
| K8s outgoing TCP 6443 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 6443 |
| K8s outgoing TCP 8081 port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 8081 |
| K8s outgoing TCP 8081 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 8081 |
| K8s outgoing UDP 8472 port | Force Allow | 0 - Lowest | Outgoing | IP | UDP | Any | Any | Any | 8472 |
| K8s outgoing UDP 8285 port | Force Allow | 0 - Lowest | Outgoing | IP | UDP | Any | Any | Any | 8285 |
| K8s outgoing UDP 8285 port | Force Allow | 0 - Lowest | Incoming | IP | UDP | Any | Any | Any | 8285 |
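
Added example (not part of the original page or the product): a Python check that models the Kubernetes rows above as direction/protocol/port matches, shows which constructed flows no row covers, and lists rows whose name and Direction column disagree. The exact-match model (with N/A treated as Any), the `Rule` type, the function names and the sample flows are assumptions for illustration, not the agent's rule engine.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    direction: str            # Direction column: "Incoming" or "Outgoing"
    protocol: str             # Protocol column: "TCP" or "UDP"
    src_port: Optional[int]   # None = Any (N/A treated as Any: assumption)
    dst_port: Optional[int]   # None = Any

# Kubernetes rows transcribed from the table above (all Force Allow, 0 - Lowest).
K8S_RULES = [
    Rule("HTTP incoming TCP 80 destination port", "Incoming", "TCP", None, 80),
    Rule("HTTP outgoing TCP 80 source port", "Outgoing", "TCP", 80, None),
    Rule("K8s incoming TCP 10054 port", "Incoming", "TCP", None, 10054),
    Rule("K8s outgoing TCP 10054 port", "Outgoing", "TCP", None, 10054),
    Rule("K8s outgoing TCP 443 port", "Outgoing", "TCP", None, 443),
    Rule("K8s outgoing TCP 6443 port", "Incoming", "TCP", None, 6443),
    Rule("K8s outgoing TCP 6443 port", "Outgoing", "TCP", None, 6443),
    Rule("K8s outgoing TCP 8081 port", "Incoming", "TCP", None, 8081),
    Rule("K8s outgoing TCP 8081 port", "Outgoing", "TCP", None, 8081),
    Rule("K8s outgoing UDP 8472 port", "Outgoing", "UDP", None, 8472),
    Rule("K8s outgoing UDP 8285 port", "Outgoing", "UDP", None, 8285),
    Rule("K8s outgoing UDP 8285 port", "Incoming", "UDP", None, 8285),
]

def matching_rule(rules, direction, protocol, src_port, dst_port):
    """Return the first rule that covers the flow, or None if no row does."""
    for r in rules:
        if ((r.direction, r.protocol) == (direction, protocol)
                and r.src_port in (None, src_port) and r.dst_port in (None, dst_port)):
            return r
    return None

def name_direction_mismatches(rules):
    """Rows whose name says incoming/outgoing but whose Direction differs."""
    return [r for r in rules if r.direction.lower() not in r.name.lower()]

# Constructed sample flows: (direction, protocol, source port, destination port).
SAMPLE_FLOWS = [
    ("Incoming", "TCP", 51514, 6443),   # client reaching port 6443 on this host
    ("Outgoing", "TCP", 80, 50000),     # reply from a local port-80 service
    ("Outgoing", "TCP", 50000, 80),     # this host acting as an HTTP client
    ("Incoming", "UDP", 40000, 8472),   # inbound UDP 8472
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", matching_rule(K8S_RULES, *flow))
    print("mismatched rows:", name_direction_mismatches(K8S_RULES))
```

In this model the last two sample flows match no row, and three rows named "outgoing" carry Direction Incoming, which is worth confirming against the intended policy before the rules are created.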

Swarm Firewall rules

If you are using Swarm, add the following rules to let Swarm communication traffic and export service traffic through the Firewall:

| Name | Action Type | Priority | Direction | Frame Type | Protocol | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|---|---|---|---|---|
| HTTP incoming TCP 80 destination port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | N/A | Any | 80 |
| HTTP outgoing TCP 80 source port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 80 | Any | Any |
| Swarm outgoing TCP 443 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 443 |
| Swarm incoming TCP 2377, 4789, 7946, 60012 port | Force Allow | 0 - Lowest | Incoming | IP | TCP+UDP | Any | Any | Any | 2377, 4789, 7946, 60012 |
| Swarm outgoing TCP 2377, 4789, 7946, 60012 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP+UDP | Any | 2377, 4789, 7946, 60012 | Any | Any |