What is the recommended firewall configuration for Vertica?

Comments

  • Vertica recommends removing firewalls between nodes in the cluster. If you are running your cluster on private interfaces, a firewall is not needed. A firewall on the public side should only need port 5433 open. A database cluster should depend preferably on an external firewall provided by a gateway rather than Linux.

    Vertica is designed for the server processes in the cluster machines to work together as though they were a single powerful machine. Firewalls can slow network throughput even with the necessary ports open.

    If you must use firewalls, open the following ports on each host.

    Vertica
      - 5433 TCP (All client connections)
      - 32768-61000 TCP (server <-> server; dynamic ports, range depends on OS configuration, check /proc/sys/net/ipv4/ip_local_port_range)

    Spread
      - 4803 TCP (Client connections)
      - 4803 UDP (Daemon <-> Daemon)
      - 4804 UDP (Daemon <-> Daemon)
      - 4805 UDP (Monitor to Daemon) (optional and only if "DangerousMonitor = yes" in config file)

    Administration tools (adminTools, install_vertica)
      - 22 TCP (SSH connections within cluster)

    Again, Vertica does not recommend having firewall rules for the private network interfaces.
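
For the case where host firewalls are required, the port list above can be turned into rules mechanically. This added example (not part of the original post or of Vertica's tooling) prints iptables commands, reading the dynamic range from /proc/sys/net/ipv4/ip_local_port_range; the function names, the 10.0.0.0/24 subnet and the eth0 interface are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the ports listed above.
# Function names and the sample CIDR/interface are assumptions for illustration.

PORT_RANGE_FILE=/proc/sys/net/ipv4/ip_local_port_range

# Emit the kernel's dynamic port range as "low:high" (iptables syntax).
# Falls back to the 32768-61000 range quoted in the post if the file is
# missing or malformed, and says so on stderr.
ephemeral_range() {
    file="${1:-$PORT_RANGE_FILE}"
    low=""; high=""
    [ -r "$file" ] && read -r low high < "$file" || true
    case "$low" in ''|*[!0-9]*) low="" ;; esac
    case "$high" in ''|*[!0-9]*) high="" ;; esac
    if [ -n "$low" ] && [ -n "$high" ] && [ "$low" -le "$high" ] && [ "$high" -le 65535 ]; then
        echo "$low:$high"
    else
        echo "warning: cannot parse $file, using 32768:61000" >&2
        echo "32768:61000"
    fi
}

# Rules for node-to-node traffic, limited to the cluster's own subnet.
# $1 = cluster CIDR, $2 = optional port-range file (used by tests).
# UDP 4805 is left out: the post lists it as optional (DangerousMonitor = yes).
cluster_rules() {
    cidr="$1"
    range="$(ephemeral_range "${2:-}")"
    for spec in "tcp 5433" "tcp $range" "tcp 4803" "udp 4803" "udp 4804" "tcp 22"; do
        proto="${spec% *}"
        port="${spec#* }"
        echo "iptables -A INPUT -s $cidr -p $proto --dport $port -j ACCEPT"
    done
}

# Public side: only the client port, on the named interface.
public_rules() {
    echo "iptables -A INPUT -i $1 -p tcp --dport 5433 -j ACCEPT"
}

# Constructed sample values; review the output before loading it.
cluster_rules "${CLUSTER_CIDR:-10.0.0.0/24}"
public_rules "${PUBLIC_IF:-eth0}"
```

The script only generates text, so the rules can be diffed against the running ruleset before anything is changed.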
