


Cisco Defense Orchestrator

Additional Configuration for SDCs and CDO Connectors Installed on Your VM Image

If you installed your SDC or CDO Connector on your own CentOS 7 virtual machine, you need to perform one of the following additional configuration procedures to allow events to reach the SEC.  

  •  Disable the firewalld service on the CentOS 7 VM. This matches the configuration of the Cisco-provided SDC or CDO Connector VM. 
  •  Add firewall rules that allow the expected event traffic for the SEC into the VM. This is a more granular approach to allowing inbound event traffic.

Disable the firewalld service on the CentOS 7 VM

  1. Log into the CLI of the SDC or CDO Connector VM as the "cdo" user.
  2. Stop the firewalld service, and then ensure that it will remain disabled upon subsequent reboots of the VM. If you are prompted, enter the password for the "cdo" user:
[cdo@SDC-VM ~]$ sudo systemctl stop firewalld
[cdo@SDC-VM ~]$ sudo systemctl disable firewalld

  3. Restart the Docker service to re-insert Docker-specific entries into the local firewall:
[cdo@SDC-VM ~]$ sudo systemctl restart docker

Allow the firewalld service to run and add firewall rules to allow VM event traffic to reach the SEC

  1. Log into the CLI of the SDC VM or CDO Connector as the "cdo" user.
  2. Add local firewall rules to allow incoming traffic to the SEC from the TCP, UDP, or NSEL ports you configured. See Finding Your Device's TCP, UDP, and NSEL Port Used for Cisco Security Analytics and Logging for the ports used by your SEC. If prompted, enter the password for the "cdo" user. Here is an example of the commands. You may need to specify different port values.
[cdo@SDC-VM ~]$ sudo firewall-cmd --zone=public --permanent --add-port=10125/tcp
[cdo@SDC-VM ~]$ sudo firewall-cmd --zone=public --permanent --add-port=10025/udp
[cdo@SDC-VM ~]$ sudo firewall-cmd --zone=public --permanent --add-port=10425/udp
  3. Restart the firewalld service to make the new local firewall rules both active and persistent:
[cdo@SDC-VM ~]$ sudo systemctl restart firewalld
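
To confirm that the rules from the procedure above took effect, the following added example (not part of Cisco's documentation) compares the required ports against both the runtime and the permanent firewalld configuration. The script name check-sec-ports.sh and the REQUIRED list, which reuses this page's example ports, are assumptions.

```shell
#!/bin/sh
# Added example, not Cisco's code. REQUIRED holds this page's example ports;
# replace them with the ports your SEC actually uses (assumption).
REQUIRED="10125/tcp 10025/udp 10425/udp"

# port_is_open ENTRY LIST: succeed if ENTRY (e.g. 10125/tcp) is covered by
# LIST, the space-separated output of `firewall-cmd --list-ports`.
# LIST items may be single ports or ranges such as 10000-10500/udp.
port_is_open() {
    want_port=${1%/*}; want_proto=${1#*/}
    for item in $2; do
        [ "${item#*/}" = "$want_proto" ] || continue
        range=${item%/*}
        lo=${range%-*}; hi=${range#*-}   # equal for a single port
        if [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# missing_ports LIST: print every REQUIRED entry that LIST does not cover.
missing_ports() {
    for req in $REQUIRED; do
        port_is_open "$req" "$1" || printf '%s\n' "$req"
    done
}

# check_zone ZONE: report ports missing from the runtime or permanent config.
# Returns 0 if all present, 1 if any are missing, 2 if firewalld is unreachable.
check_zone() {
    rc=0
    runtime=$(sudo firewall-cmd --zone="$1" --list-ports) || return 2
    permanent=$(sudo firewall-cmd --permanent --zone="$1" --list-ports) || return 2
    for m in $(missing_ports "$runtime"); do
        echo "not in runtime configuration: $m"; rc=1
    done
    for m in $(missing_ports "$permanent"); do
        echo "not in permanent configuration: $m"; rc=1
    done
    return $rc
}

# Run the live check only when invoked as: sh check-sec-ports.sh --check
if [ "${1:-}" = "--check" ]; then
    check_zone public
fi
```

Rules added with --permanent appear only in the permanent configuration until firewalld is restarted, which is why the script checks both.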