From 6bc59c3022c30a97c64652bf896ca7c697b70cba Mon Sep 17 00:00:00 2001
From: Luana Mincu <luana.mincu@enea.com>
Date: Thu, 7 Jan 2021 19:27:42 +0200
Subject: ELCCR-1222: ports used by uCPEM need to be open by corporate firewall

Change-Id: Id6ffa2af518d6a606e1bebc8c029119c5afa0b6c
---
 .../doc/installation_guide.xml                          | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/doc/book-enea-nfv-access-getting-started/doc/installation_guide.xml b/doc/book-enea-nfv-access-getting-started/doc/installation_guide.xml
index d3c8584..368f908 100644
--- a/doc/book-enea-nfv-access-getting-started/doc/installation_guide.xml
+++ b/doc/book-enea-nfv-access-getting-started/doc/installation_guide.xml
@@ -218,14 +218,6 @@ sudo systemctl mask now firewalld</programlisting>
               <entry>Required for Call Home, only if uCPE devices are used 
                 that have an Enea NFV Access version older than 2.4.0.</entry>
             </row>
-
-            <row>
-              <entry>7000:7010</entry>
-
-              <entry>TCP</entry>
-
-              <entry>Required for Reverse SSH.</entry>
-            </row>
           </tbody>
         </tgroup>
       </table>
@@ -239,8 +231,15 @@ sudo firewall-cmd --permanent --add-port=54327/udp
 sudo firewall-cmd --permanent --add-port=5701-5708/tcp
 sudo firewall-cmd --permanent --add-port=4334/tcp
 sudo firewall-cmd --permanent --add-port=2021-2040/tcp
-sudo firewall-cmd --permanent --add-port=7000-7010/tcp
 sudo firewall-cmd --reload</programlisting>
+
+      <note>
+        <para>If the uCPE Manager host resides behind a corporate
+        port-filtering firewall, then all the aforementioned ports need to
+        also be enabled on the respective firewall. As an additional
+        requirement, port 22/TCP also needs to be enabled for reverse SSH to
+        the Enea uCPE Manager.</para>
+      </note>
     </section>
 
     <section id="openjdk_postgresql_config">
-- 
cgit v1.2.3-54-g00ecf