Skip to content

Networking connections (EMEA)

VSatellite requires connectivity with specific endpoints and ports over HTTPS when running the VSatellite install.

IMPORTANT!

For our customers in the United States, see Networking connections (US).

Required endpoints

  • dl.venafi.cloud:443
  • registry.venafi.cloud:443
  • vsat-gw.venafi.eu:9443
  • vsat-gw.venafi.eu:443
  • vsat-login.venafi.eu:443

Verifying connectivity to required endpoints

To quickly verify connectivity to the required endpoints, you could use the cURL utility to request headers from each base URL. For example:

curl -I https://dl.venafi.cloud

curl -I https://vsat-gw.venafi.eu

If your connection is successful, you'll get a 404 error, which confirms that you did connect to the endpoints successfully.

If you don't have cURL, you can install it on Ubuntu using apt-get install curl or on RHEL using yum install curl.

Firewall configuration for VSatellite

Certain network ports must be open for VSatellites to function correctly. This is particularly important for enterprise environments where disabling the firewall (firewalld) is not a viable option.

Necessary ports

Ensure the following ports are open:

  • TCP Ports: 6443, 10250

These ports facilitate various functionalities essential for VSatellite.

Configuring firewalld

To open the required ports, use the firewall-cmd command. Here are the commands for the necessary TCP and UDP ports:

firewall-cmd --permanent --add-port=6443/tcp

firewall-cmd --permanent --add-port=10250/tcp

After adding the ports, reload the firewall to apply the changes:

firewall-cmd --reload

Changing the default VSatellite (10.x.x.x) network CIDR range

To override the default VSatellite network CIDR ranges, you can set the following environment variables before installing VSatellite.

We recommend using these settings if you are installing VSatellite on the 10.x.x.x network. For example:

export VSATELLITE_CLUSTER_CIDR=192.168.0.0/24  (default: 10.42.0.0/16)

export VSATELLITE_SERVICE_CIDR=192.168.1.0/24  (default: 10.43.0.0/16)

Use CIDR ranges that do not conflict with any of your internal networks.