VNX : Replication ports configuration via firewall
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
This is how to guide for Replicator V2 configuration via Firewall
Following ports need to be allowed on firewall
DM Replication Interface (IP) Ports to be allowed : 5085, 8887, 8888
Control Stations Source to Destination (2 way) : Port 443
ICMP between CS/DMs IP addresses
If data mover Production/Other interfaces IP addresses are on same subnet as Replication IP, then all the production interfaces also need to be configured on firewall with above ports, because, Data Mover may use any interfaces on same subnet to respond, not necessarily the replication interface. So it is best to configure separate subnet for Replication to avoid this.
Example 1:
SRC CS: 10.0.0.1
SRC DM Interfaces: 10.0.0.10, 10.0.0.11, 10.0.0.12, Replication interface IP : 10.0.0.15
DST CS: 10.0.0.2
DST DM Interfaces: 10.0.0.20, 10.0.0.21, 10.0.0.22, Replication interface IP : 10.0.0.25
In the above scenario, replication interface is same subnet as data movers other IPs, in this case, all the data mover interfaces need to be permitted on firewall with ports 5085/8887/8888, so best is to move the replication interfaces to different subnet
Example 2:
SRC CS: 10.0.0.1
SRC DM Interfaces: 10.0.0.10, 10.0.0.11, 10.0.0.12, Replication interface IP : 10.0.1.15/mask: 255.255.240.0
DST CS: 10.0.0.2
DST DM Interfaces: 10.0.0.20, 10.0.0.21, 10.0.0.22, Replication interface IP : 10.0.1.25/mask: 255.255.240.0
Here, the replication interface is on a separate subnet which is recommended configuration.
Following ports need to be allowed on firewall
DM Replication Interface (IP) Ports to be allowed : 5085, 8887, 8888
Control Stations Source to Destination (2 way) : Port 443
ICMP between CS/DMs IP addresses
If data mover Production/Other interfaces IP addresses are on same subnet as Replication IP, then all the production interfaces also need to be configured on firewall with above ports, because, Data Mover may use any interfaces on same subnet to respond, not necessarily the replication interface. So it is best to configure separate subnet for Replication to avoid this.
Example 1:
SRC CS: 10.0.0.1
SRC DM Interfaces: 10.0.0.10, 10.0.0.11, 10.0.0.12, Replication interface IP : 10.0.0.15
DST CS: 10.0.0.2
DST DM Interfaces: 10.0.0.20, 10.0.0.21, 10.0.0.22, Replication interface IP : 10.0.0.25
In the above scenario, replication interface is same subnet as data movers other IPs, in this case, all the data mover interfaces need to be permitted on firewall with ports 5085/8887/8888, so best is to move the replication interfaces to different subnet
Example 2:
SRC CS: 10.0.0.1
SRC DM Interfaces: 10.0.0.10, 10.0.0.11, 10.0.0.12, Replication interface IP : 10.0.1.15/mask: 255.255.240.0
DST CS: 10.0.0.2
DST DM Interfaces: 10.0.0.20, 10.0.0.21, 10.0.0.22, Replication interface IP : 10.0.1.25/mask: 255.255.240.0
Here, the replication interface is on a separate subnet which is recommended configuration.
Products
VNX1 Series, VNX2 SeriesArticle Properties
Article Number: 000022819
Article Type: How To
Last Modified: 07 Nov 2025
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.