If you are using version 11.2+ agents to protect containers that use an overlay network,
you may need to add some Firewall rules to allow network traffic for the Swarm or
Kubernetes services because the default Firewall rules block that traffic.
Kubernetes Firewall rules
If you are using Kubernetes, add the following rules to bypass the k8s communication
traffic and export service traffic:
| Name | Action Type | Priority | Direction | Frame Type | Protocol | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|---|---|---|---|---|
| HTTP incoming TCP 80 destination port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | N/A | Any | 80 |
| HTTP outgoing TCP 80 source port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 80 | Any | Any |
| K8s incoming TCP 10054 port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 10054 |
| K8s outgoing TCP 10054 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 10054 |
| K8s outgoing TCP 443 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 443 |
| K8s outgoing TCP 6443 port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 6443 |
| K8s outgoing TCP 6443 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 6443 |
| K8s outgoing TCP 8081 port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | Any | Any | 8081 |
| K8s outgoing TCP 8081 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 8081 |
| K8s outgoing UDP 8472 port | Force Allow | 0 - Lowest | Outgoing | IP | UDP | Any | Any | Any | 8472 |
| K8s outgoing UDP 8285 port | Force Allow | 0 - Lowest | Outgoing | IP | UDP | Any | Any | Any | 8285 |
| K8s outgoing UDP 8285 port | Force Allow | 0 - Lowest | Incoming | IP | UDP | Any | Any | Any | 8285 |
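Rules are picked out of the rule list by name, so it is worth checking that each name agrees with its own Direction, Protocol and port columns before relying on it. The following Python check is an added example, not part of the original page or the vendor's tooling; it runs over the Kubernetes rows above, transcribed by hand into a tuple layout that is an assumption of this example.

```python
import re

# Kubernetes rules transcribed from the table above (layout is this example's own):
# (name, direction, protocol, source port, destination port)
K8S_RULES = [
    ("HTTP incoming TCP 80 destination port", "Incoming", "TCP", "N/A", "80"),
    ("HTTP outgoing TCP 80 source port", "Outgoing", "TCP", "80", "Any"),
    ("K8s incoming TCP 10054 port", "Incoming", "TCP", "Any", "10054"),
    ("K8s outgoing TCP 10054 port", "Outgoing", "TCP", "Any", "10054"),
    ("K8s outgoing TCP 443 port", "Outgoing", "TCP", "Any", "443"),
    ("K8s outgoing TCP 6443 port", "Incoming", "TCP", "Any", "6443"),
    ("K8s outgoing TCP 6443 port", "Outgoing", "TCP", "Any", "6443"),
    ("K8s outgoing TCP 8081 port", "Incoming", "TCP", "Any", "8081"),
    ("K8s outgoing TCP 8081 port", "Outgoing", "TCP", "Any", "8081"),
    ("K8s outgoing UDP 8472 port", "Outgoing", "UDP", "Any", "8472"),
    ("K8s outgoing UDP 8285 port", "Outgoing", "UDP", "Any", "8285"),
    ("K8s outgoing UDP 8285 port", "Incoming", "UDP", "Any", "8285"),
]


def lint_rules(rules):
    """Return (row number, finding kind) pairs for rules whose name
    disagrees with their own columns or repeats an earlier name."""
    findings, first_seen = [], {}
    for row, (name, direction, proto, sport, dport) in enumerate(rules, 1):
        words = name.lower().split()
        named_dir = {w for w in words if w in ("incoming", "outgoing")}
        if named_dir and named_dir != {direction.lower()}:
            findings.append((row, "direction"))
        named_proto = {w for w in words if w in ("tcp", "udp")}
        if named_proto and named_proto != set(proto.lower().split("+")):
            findings.append((row, "protocol"))
        # \b keeps the 8 in "K8s" from being read as a port number
        named_ports = set(re.findall(r"\b\d+\b", name))
        if named_ports - set(re.findall(r"\d+", f"{sport},{dport}")):
            findings.append((row, "port"))
        if name in first_seen:
            findings.append((row, "duplicate-name"))
        first_seen.setdefault(name, row)
    return findings


if __name__ == "__main__":
    for row, kind in lint_rules(K8S_RULES):
        print(f"row {row}: {kind}: {K8S_RULES[row - 1][0]!r}")
```

Rows flagged as `direction` or `duplicate-name` are still valid rules; the finding only means the name alone does not tell you which direction the rule covers.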
Swarm Firewall rules
If you are using Swarm, add the following rules to bypass the k8s communication traffic
and export service traffic:
| Name | Action Type | Priority | Direction | Frame Type | Protocol | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|---|---|---|---|---|
| HTTP incoming TCP 80 destination port | Force Allow | 0 - Lowest | Incoming | IP | TCP | Any | N/A | Any | 80 |
| HTTP outgoing TCP 80 source port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | 80 | Any | Any |
| Swarm outgoing TCP 443 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP | Any | Any | Any | 443 |
| Swarm incoming TCP 2377, 4789, 7946, 60012 port | Force Allow | 0 - Lowest | Incoming | IP | TCP+UDP | Any | Any | Any | 2377, 4789, 7946, 60012 |
| Swarm outgoing TCP 2377, 4789, 7946, 60012 port | Force Allow | 0 - Lowest | Outgoing | IP | TCP+UDP | Any | 2377, 4789, 7946, 60012 | Any | Any |