From what I read in the documentation, the ports 8443 should be meant for communication in-between:
1. AG and Managed Nodes
2. OA and Managed Nodes
but it isn't meant for communication in-between Managed Nodess in a Managed Cluster right?
Solved! Go to Solution.
Hello @Wai Keat C.
8443 for Managed versions earlier than 1.166
Dynatrace environments with a cluster version earlier than 1.166 use port
8443. New Dynatrace environments still use port
8443, but this port doesn't need to be exposed to the outside of the cluster nodes. Upgraded Dynatrace environments preserve port settings from the previous version. As a result, it is possible to have an upgraded Dynatrace environment that still uses port
If you have HA architecture, and you are asking about communication between Dynatrace colusters, than no, this port does not have to be open. In other cases, look on Babar's answer.
I'm not absolutely sure here, but I think the communication port (443 or 8443 by default depending on the version and configuration) it is used at least while deploying a new node (seed process). I think you should have the communication port open while adding the cluster node. Adding a new node configures firewall rules at the added node as well at the existing nodes.
I would not recommend to play with the firewall rules at the cluster node unless necessary and only if you really know what you are doing.
I would really recommend having the 443/8443 port opened globally.
I have the same question:
What is the impact of closing this port ? knowing that we install Dynatrace recently and get a message from Security team
We performed VA rescan for the Dynatrace servers, still the port was open ,still the vulnerability” Multiple Cross-Site Scripting Vulnerabilities Detected” detected.
Thanks & Regards,