Satellite / SAT-34980

Documentation feedback: firewall rules are confusing and examples and pictures would be helpful

      Installing Satellite Server in a connected network environment | Red Hat Satellite | 6.17 | Red Hat Documentation: https://docs.redhat.com/en/documentation/red_hat_satellite/6.17/html-single/installing_satellite_server_in_a_connected_network_environment/index#Port_and_firewall_requirements_satellite

      Here are a couple of scenarios that would be helpful.

      They are broken up so they match more what the firewall team wants to see.

      Red Hat Satellite Firewall Scenarios

      Scenario 1: Satellite and Clients

      This scenario includes a Satellite server connected to the Internet and a set of client systems. The Satellite provides only content/patching services. There are two firewalls:

      • FW1: Between Satellite and Internet
      • FW2: Between Satellite and Clients

      Clients communicate directly with the Satellite.

      Network Diagram:

      FW1: Satellite → Internet

      Source    | Destination        | Port | Protocol | Purpose
      Satellite | cdn.redhat.com     | 443  | TCP      | Content sync
      Satellite | console.redhat.com | 443  | TCP      | Insights, telemetry
      Satellite | DNS servers        | 53   | TCP/UDP  | DNS resolution (optional)
      Satellite | Remote repos       | 80   | TCP      | HTTP content sync (optional)

      FW2: Clients → Satellite

      Source  | Destination | Port | Protocol | Purpose
      Clients | Satellite   | 443  | TCP      | Registration, content retrieval
      Clients | Satellite   | 80   | TCP      | Registration completion notice
      Clients | Satellite   | 8000 | TCP      | Provisioning templates (optional)

      Scenario 2: Satellite, Capsule, and Clients

      This scenario includes a Satellite server, one or more Capsules, and client systems. The Satellite provides content to Capsules, and Capsules serve the clients. There are three firewalls:

      • FW1: Between Satellite and Internet
      • FW2: Between Satellite and Capsules
      • FW3: Between Capsules and Clients

      Clients communicate only with the Capsules.

      Network Diagram:

      FW1: Satellite → Internet

      Source    | Destination        | Port | Protocol | Purpose
      Satellite | cdn.redhat.com     | 443  | TCP      | Content sync
      Satellite | console.redhat.com | 443  | TCP      | Insights, telemetry
      Satellite | DNS servers        | 53   | TCP/UDP  | DNS resolution (optional)
      Satellite | Remote repos       | 80   | TCP      | HTTP content sync (optional)

      FW2: Satellite ↔ Capsule

      Source    | Destination | Port | Protocol | Purpose
      Capsule   | Satellite   | 443  | TCP      | Capsule API
      Capsule   | Satellite   | 9090 | TCP      | Capsule management
      Satellite | Capsule     | 443  | TCP      | Content mirroring
      Satellite | Capsule     | 9090 | TCP      | Capsule API

      FW3: Clients → Capsule

      Source  | Destination | Port | Protocol | Purpose
      Clients | Capsule     | 443  | TCP      | Registration, content retrieval
      Clients | Capsule     | 80   | TCP      | Registration completion notice
      Clients | Capsule     | 8000 | TCP      | Provisioning templates (optional)
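
One way to check a firewall team's rule export against the Scenario 2 tables, as an added example that is not part of the original ticket or of Red Hat's documentation. The `dns-servers` and `remote-repos` tokens, the `audit` helper and the sample export are assumptions made for illustration.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    port: int
    proto: str

def rows(table: str):
    """Parse 'src dst port proto[/proto] [optional]' lines into (Flow, optional) pairs."""
    for line in table.strip().splitlines():
        src, dst, port, protos, *flag = line.split()
        for proto in protos.lower().split("/"):  # TCP/UDP becomes two flows
            yield Flow(src, dst, int(port), proto), flag == ["optional"]

# Scenario 2 flows transcribed from the tables in this ticket.
# "dns-servers" and "remote-repos" are placeholder tokens for "DNS servers" and "Remote repos".
SCENARIO_2 = {
    "FW1": """Satellite cdn.redhat.com 443 TCP
              Satellite console.redhat.com 443 TCP
              Satellite dns-servers 53 TCP/UDP optional
              Satellite remote-repos 80 TCP optional""",
    "FW2": """Capsule Satellite 443 TCP
              Capsule Satellite 9090 TCP
              Satellite Capsule 443 TCP
              Satellite Capsule 9090 TCP""",
    "FW3": """Clients Capsule 443 TCP
              Clients Capsule 80 TCP
              Clients Capsule 8000 TCP optional""",
}

def audit(firewall: str, allowed: set[Flow]):
    """Return (required flows not allowed, allowed flows the tables do not list)."""
    spec = dict(rows(SCENARIO_2[firewall]))
    missing = sorted(f for f, optional in spec.items() if not optional and f not in allowed)
    unlisted = sorted(allowed - set(spec))
    return missing, unlisted

# Constructed sample: a hypothetical FW3 rule export, not real data.
FW3_EXPORT = {
    Flow("Clients", "Capsule", 443, "tcp"),
    Flow("Clients", "Capsule", 8000, "tcp"),
    Flow("Clients", "Satellite", 443, "tcp"),  # client traffic that bypasses the Capsule
}

if __name__ == "__main__":
    missing, unlisted = audit("FW3", FW3_EXPORT)
    for flow in missing:
        print("MISSING ", *flow)
    for flow in unlisted:
        print("UNLISTED", *flow)
```

Optional rows never count as missing, but an allowed rule that appears in no row is reported so it can be justified or removed.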

       

              jwill53 Jerry Williams (Inactive)