2. Home
  4. Docs
  6. CCX
  8. How-To
  10. Database Access
  12. Trusted Source

Trusted Source

An entry in the Firewall must be created in order to allow any database client, such as an application server to connect to the database deployment.

Go to CCX → choose data store → Firewall → Add Trusted Source to create a new firewall entry.

Add Trusted Client

Field Description
Source
  • This is the IP address (in CIDR) format allowed to connect to the database deployment (please note that you must also create a database user that is allowed to access the database nodes). In this screenshot, we have specified that 192.168.100.23/32 is allowed to connect.
  • If you use a VPC, then you may not specify a public IP address here as the database nodes are not configured with any public access.
Description
  • Optional. A friendly name or description.

Press Submit and the firewall entry is created allowing the Source to connect. The Source is allowed by default (depending on the database used in the deployment) to connect to a number of ports.

Firewall Rules

The following ports may be set:

Vendor Application Port Description
MariaDB and Percona MySQL 3306 This port is used to connect directly to a MariaDB or Percona database server.
ProxySQL 6033 This port is used to connect to a ProxySQL load balancer.
6032 This port is used to connect to the administration module of ProxySQL.
PostgreSQL PostgreSQL 5432 This port is used to connect directly to a PostgreSQL server.
HAProxy 5433 This port is used to connect to an HAProxy load balancer, for read-write connections.
5434 This port is used to connect to an HAProxy load balancer, for read-only connections.
Note

You may delete ports that you do not wish to expose.

Was this article helpful to you? Yes No