We are using Avi Networks on AWS and I have everything set up, but with relaxed Security Group settings.
I would like to tighten the security on the controller instance. So I was wondering which ports need to be open on the controller's security group, and from which source IP(s)/range(s) they should accept connections.
The Avi Controller requires port 443 for UI access and uses ports 8443 and 22 for communication with the service engines; hence ports 443, 8443 and 22 need to be open on the controller's security group. As for the source IPs, you will want to include any IP addresses/ranges that will need access to the controller UI.