Firewall Setup

In a typical on-premises installation, the cluster is installed behind an access firewall, which provides network address translation between the public and private address spaces. Always allow access for CloudOps management of the cluster. The standard deployment of ExtremeCloud Edge requires 4 public IP addresses to front-end the installation. They are mapped to forward traffic to the four VRRP IP addresses of the service sets.

During system setup, the following configuration settings are critical to the deployment:
  • Default Gateway: Each node in the cluster supports a single default gateway (0.0.0.0/0) definition. This gateway must be mapped to a next-hop attached on the data port interface.
    Note

    Do not configure the default gateway to map to the Inter-Cluster Connection (ICC) interface. The ICC is an internal connection between systems that is not used for management or operation of the cluster.
  • DNS server: At least one reachable DNS server must be configured, allowing the system to resolve several URLs during installation and interaction with ExtremeCloud IQ and CloudOps functions.
  • Network Time Protocol (NTP) Servers: At least one reachable NTP server must be configured, allowing the system to synchronize its time with a trusted time source. The same NTP servers must be configured, in the same order, on all nodes in the cluster.

    A best practice is to have two NTP definitions so that time synchronization remains available if the primary server has a problem. If there is an issue with the primary server, the system resorts to the alternate server.
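
The settings above can be checked against a deployment plan before installation. The following is an added example, not ExtremeCloud Edge code: the dictionary layout, field names, node names and addresses are constructed for illustration, and "attached on the data port interface" is interpreted here as the next-hop falling inside the data port subnet. Reachability of the DNS and NTP servers is not tested.

```python
import ipaddress

# Constructed sample plan: field names, node names and addresses are illustrative only.
NODES = {
    "node1": {"data_port": "10.20.0.11/24", "icc_port": "192.168.100.1/24",
              "default_gw": "10.20.0.1", "dns": ["10.20.0.53"],
              "ntp": ["10.20.0.123", "10.20.0.124"]},
    "node2": {"data_port": "10.20.0.12/24", "icc_port": "192.168.100.2/24",
              "default_gw": "192.168.100.254", "dns": ["10.20.0.53"],
              "ntp": ["10.20.0.124", "10.20.0.123"]},   # same servers, wrong order
    "node3": {"data_port": "10.20.0.13/24", "icc_port": "192.168.100.3/24",
              "default_gw": "10.20.0.1", "dns": [],
              "ntp": ["10.20.0.123", "10.20.0.124"]},
}

def check_node(name, cfg):
    """Return findings for one node's default gateway, DNS and NTP settings."""
    findings = []
    gw = ipaddress.ip_address(cfg["default_gw"])
    data_net = ipaddress.ip_interface(cfg["data_port"]).network
    icc_net = ipaddress.ip_interface(cfg["icc_port"]).network
    if gw in icc_net:
        findings.append(f"{name}: default gateway {gw} is on the ICC network {icc_net}")
    elif gw not in data_net:
        findings.append(f"{name}: default gateway {gw} is not on the data port network {data_net}")
    if not cfg["dns"]:
        findings.append(f"{name}: no DNS server defined")
    if not cfg["ntp"]:
        findings.append(f"{name}: no NTP server defined")
    elif len(cfg["ntp"]) < 2:
        findings.append(f"{name}: only one NTP server defined, no alternate")
    return findings

def check_cluster(nodes):
    """Check every node, then require an identical, same-order NTP list on all nodes."""
    findings = [f for name, cfg in nodes.items() for f in check_node(name, cfg)]
    ref_name, ref = next(iter(nodes.items()))
    for name, cfg in nodes.items():
        if cfg["ntp"] != ref["ntp"]:   # list comparison is order-sensitive
            findings.append(f"{name}: NTP list {cfg['ntp']} differs from {ref_name} {ref['ntp']}")
    return findings

if __name__ == "__main__":
    for finding in check_cluster(NODES):
        print(finding)
```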