Free MuleSoft CONNECT Keynote & Expo Pass Available!

Register now+
Nav

About VPC Firewall Rules

In CloudHub’s default configuration, all applications are hosted in a multi-tenant cloud balanced by a publicly accessible load balancer.
When creating your own isolated network, you can use your own firewall rules to allow specific IP ranges and ports from reaching your workers. Keep in mind that the Firewall rules that you configure in your VPC check inbound connections only to your workers, and not to the VPC or your dedicated load balancer.

All traffic to your VPC is blocked, unless it’s allowed in a firewall rule. When creating a VPC, 4 firewall rules are created by default:

  • 2 rules to allow inbound connections from your local VPC from ports 8091 and 8092:

    
                
             
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    
    {
      "CIDR Block": "10.111.0.0/24", // (Local VPC)
      "Protocol": "TCP",
      "From port": 8092,
    },
    
    {
      "CIDR Block": "10.111.0.0/24", // (Local VPC)
      "Protocol": "TCP",
      "From port": 8091,
    },

    These firewall rules allow traffic from the VPC to reach your workers through ports 8091 and 8092. These are the only ports used by your CloudHub dedicated load balancer to proxy all external communications to your workers through.

  • 2 rules to allow inbound connections from anywhere through ports 8081 and 8082:

    
                
             
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    
    {
      "CIDR Block": "0.0.0.0/0", // (Anywhere)
      "Protocol": "TCP",
      "From port": 8082,
    },
    
    {
      "CIDR Block": "0.0.0.0/0", // (Anywhere)
      "Protocol": "TCP",
      "From port": 8081,
    }

    These rules allow traffic from any host to reach your workers through ports 8081 and 8082. These ports are used by CloudHub’s shared load balancer to proxy external requests to your workers. You can remove these rules if you don’t want your internal workers to be reached by the publicly accessible load balancer.

In this topic: