Network security

The infrastructure provides virtual LAN (VLAN) isolation between tenants, which is enforced at the Virtual I/O Server (VIOS) and at the physical switches and routers.

Default firewall ports

The Power® Virtual Server network security architecture relies on a fixed set of firewall ports that are open on the Juniper vSRX firewalls:

  • 22 (SSH)
  • 443 (HTTPS)
  • 992 (IBM i 5250 emulation SSL)
  • ICMP traffic

There are plans to add the ability to dynamically configure the firewall rules in the future.

The following firewall ports, which are typically used for IBM i logical partitions (LPARs), are also open:

  • 2005
  • 2007
  • 2010
  • 2012
  • 9470
  • 9475
  • 9476

Port 6443 is also open for miscellaneous purposes. This port will not be open for the WDC04 and DAL13 data centers.

If you need extra ports to be opened, you can consider the customer-specific firewall option, which is currently available by using an IBM Cloud firewall, such as Vyatta, Juniper vSRX, or FortiGate, and by connecting to Power Systems™ Virtual Server by using Direct Link Connect. To understand the Power Systems™ Virtual Server connection methods, see Network architecture diagrams.
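
Because the firewall ports above are fixed, it helps to check which services on an LPAR actually listen on them. The following Python sketch is an added example, not IBM code: it parses `netstat -an` output in Linux or AIX format and sorts listening TCP ports by whether the port list on this page covers them, including the 6443 exception. The function names, the sample lines, and the `OTHER-DC` data center name are assumptions made for illustration.

```python
import re

# Ports this page lists as open on the vSRX firewalls (ICMP is not a port).
FIXED_OPEN = {22, 443, 992, 2005, 2007, 2010, 2012, 9470, 9475, 9476}
NO_6443_DATACENTERS = {"WDC04", "DAL13"}  # 6443 is not open here, per the page

# Local address is "addr:port" (Linux netstat) or "addr.port" (AIX netstat).
_LOCAL = re.compile(r"^(?P<addr>.*)[.:](?P<port>\d+)$")

# Constructed sample mixing Linux-style and AIX-style `netstat -an` lines.
SAMPLE = """\
tcp        0      0 0.0.0.0:22        0.0.0.0:*          LISTEN
tcp6       0      0 :::6443           :::*               LISTEN
tcp        0      0 127.0.0.1:5432    0.0.0.0:*          LISTEN
tcp4       0      0  *.992            *.*                LISTEN
tcp4       0      0  *.8080           *.*                LISTEN
tcp        0      0 10.0.0.5:22       203.0.113.7:51514  ESTABLISHED
"""

def open_ports(datacenter):
    """Return the TCP ports the page lists as open for a data center."""
    extra = set() if datacenter.upper() in NO_6443_DATACENTERS else {6443}
    return FIXED_OPEN | extra

def listeners(netstat_text):
    """Yield (address, port) for every TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            m = _LOCAL.match(f[3])
            if m:
                yield m.group("addr"), int(m.group("port"))

def classify(netstat_text, datacenter):
    """Sort listening ports by whether the fixed firewall list covers them."""
    allowed = open_ports(datacenter)
    out = {"on_open_port": set(), "off_list": set(), "loopback_only": set()}
    for addr, port in listeners(netstat_text):
        if addr == "::1" or addr.startswith("127."):
            out["loopback_only"].add(port)   # not reachable from the network
        elif port in allowed:
            out["on_open_port"].add(port)    # on the page's open-port list
        else:
            out["off_list"].add(port)        # needs a customer-specific firewall
    return out

if __name__ == "__main__":
    for dc in ("DAL13", "OTHER-DC"):  # OTHER-DC is a placeholder name
        print(dc, classify(SAMPLE, dc))
```

Ports reported under `on_open_port` are the ones to harden first, and ports under `off_list` are candidates for the customer-specific firewall option described above.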