perfSONAR Firewall Requirements
perfSONAR Port Requirements / Firewall Rules
perfSONAR includes many services, each of which requires one or more open ports. If you are deploying perfSONAR behind a firewall you will need to change your firewall configuration to allow the following incoming and outgoing ports. Note that in general it is not recommended to run a 10G (or greater) perfSONAR server behind a firewall, as many firewalls can't handle high-speed flows. Also note that pScheduler, bwctl and owamp provide their own mechanisms to limit what can connect.
perfSONAR hosts have a default iptables ruleset that is enabled for all required ports. A summary of all required ports for perfSONAR Toolkit operation can be found on the perfSONAR website.
ESnet's perfSONAR hosts are in subnets listed on this page.