VOS uses the following ports for specific services. If DNAT or basic NAT-44 is configured for any of these ports, the traffic is consumed by the listed service before it reaches the CGNAT service.
SNO | Protocol | Port number | Service |
1 | TCP | 22 | SSH |
2 | TCP | 1020 to 1120 | Versa Director HA |
4 | TCP | 3000 to 3003 | Versa Director HA |
6 | TCP | 9878 | Versa Director HA |
7 | UDP | 53 | DNS |
8 | UDP | 67 and 68 | DHCP |
9 | UDP | 123 | NTP |
10 | UDP | 4500 | IKE/IPSEC |
11 | UDP | 500 | IKE/IPSEC |
12 | UDP | 3066 | CMPv2 |
13 | UDP | 3067 | OCSP |
14 | UDP | 3784 and 4784 | BFD |
15 | UDP | 4790 | VXLAN SD-WAN |
16 | UDP | 9201 | DHCP Lease sync |
17 | UDP | 3002 and 3003 | HA |
NOTE:
If you would like to use any of the above ports, use a different IP from the WAN pool that is not part of any interface.
If you have deployed Versa devices in active-active mode, follow the steps below to configure DNAT or basic NAT-44 on any of the above ports:
- Configure a NAT pool for an IP that is not part of any VOS interface, including the VRRP VIP.
- Disable Proxy ARP under the CGNAT rule created for DNAT or basic NAT-44 on both active-active VOS devices.
- Configure Proxy ARP under the interface on both active-active devices for the IP used in the NAT pool.
- Configure VRRP on both active-active devices, with one as master and the other as backup by adjusting priority, and configure the VIP on an IP that is not the same as the IP used in the NAT pool.
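
A pre-deployment check for the port table and NOTE above, as an added example that is not Versa code: it reports which VOS service would consume traffic for a planned DNAT or basic NAT-44 rule whose NAT IP is owned by the node. The function name, argument layout and sample addresses (203.0.113.0/24) are assumptions; the port list is copied from this page.

```python
import ipaddress

# Reserved VOS ports from the table above: (protocol, first port, last port, service).
RESERVED = [
    ("tcp", 22, 22, "SSH"),
    ("tcp", 1020, 1120, "Versa Director HA"),
    ("tcp", 3000, 3003, "Versa Director HA"),
    ("tcp", 9878, 9878, "Versa Director HA"),
    ("udp", 53, 53, "DNS"),
    ("udp", 67, 68, "DHCP"),
    ("udp", 123, 123, "NTP"),
    ("udp", 4500, 4500, "IKE/IPSEC"),
    ("udp", 500, 500, "IKE/IPSEC"),
    ("udp", 3066, 3066, "CMPv2"),
    ("udp", 3067, 3067, "OCSP"),
    ("udp", 3784, 3784, "BFD"),
    ("udp", 4784, 4784, "BFD"),
    ("udp", 4790, 4790, "VXLAN SD-WAN"),
    ("udp", 9201, 9201, "DHCP Lease sync"),
    ("udp", 3002, 3003, "HA"),
]


def shadowing_services(proto, first_port, last_port, nat_ip, owned_ips):
    """Return the VOS services that would consume traffic meant for a planned
    DNAT / basic NAT-44 rule, or [] if the rule is safe.

    owned_ips: every address configured on the node(s), i.e. interface IPs
    and VRRP VIPs (both nodes of an active-active pair).
    """
    if first_port > last_port:
        raise ValueError("first_port must not exceed last_port")
    owned = {ipaddress.ip_address(a) for a in owned_ips}
    if ipaddress.ip_address(nat_ip) not in owned:
        return []  # dedicated pool IP, as the NOTE requires: nothing shadows it
    hits = [svc for p, lo, hi, svc in RESERVED
            if p == proto.lower() and first_port <= hi and lo <= last_port]
    return list(dict.fromkeys(hits))  # drop duplicates, keep table order


# Constructed sample: two interface IPs and a VRRP VIP (documentation range).
OWNED = ["203.0.113.1", "203.0.113.2", "203.0.113.3"]
PLANNED = [("tcp", 22, 22, "203.0.113.1"), ("tcp", 22, 22, "203.0.113.10"),
           ("udp", 3000, 3003, "203.0.113.3"), ("tcp", 8443, 8443, "203.0.113.1")]

if __name__ == "__main__":
    for rule in PLANNED:
        print(rule, "->", shadowing_services(*rule, OWNED) or "ok")
```

For an active-active pair, pass the interface addresses of both devices plus the VRRP VIP as `owned_ips`, so a NAT pool IP that collides with any of them is flagged.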