theforeman
diff --git a/‎guides/common/assembly_preparing-environment-for-capsule-installation.adoc‎
Lines changed: 1 addition & 1 deletion b/‎guides/common/assembly_preparing-environment-for-capsule-installation.adoc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎guides/common/assembly_preparing-environment-for-project-server-installation.adoc‎
Lines changed: 1 addition & 1 deletion b/‎guides/common/assembly_preparing-environment-for-project-server-installation.adoc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎guides/common/modules/proc_configuring-capsule-default-certificate.adoc‎
Lines changed: 1 addition & 1 deletion b/‎guides/common/modules/proc_configuring-capsule-default-certificate.adoc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎guides/common/modules/proc_deploying-a-custom-ssl-certificate-to-smart-proxy-server.adoc‎
Lines changed: 1 addition & 1 deletion b/‎guides/common/modules/proc_deploying-a-custom-ssl-certificate-to-smart-proxy-server.adoc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎guides/common/modules/proc_enabling-client-connections-to-project-server.adoc‎
Lines changed: 0 additions & 51 deletions b/‎guides/common/modules/proc_enabling-client-connections-to-project-server.adoc‎
Lines changed: 0 additions & 51 deletions
diff --git a/‎guides/common/modules/proc_enabling-connections-to-capsule.adoc‎
Lines changed: 0 additions & 48 deletions b/‎guides/common/modules/proc_enabling-connections-to-capsule.adoc‎
Lines changed: 0 additions & 48 deletions
diff --git a/‎guides/common/modules/proc_opening-required-ports.adoc‎
Lines changed: 83 additions & 0 deletions b/‎guides/common/modules/proc_opening-required-ports.adoc‎
Lines changed: 83 additions & 0 deletions
diff --git a/‎guides/common/modules/proc_registering-capsule-to-satellite-server.adoc‎
Lines changed: 6 additions & 1 deletion b/‎guides/common/modules/proc_registering-capsule-to-satellite-server.adoc‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎guides/common/modules/snip_firewalld.adoc‎
Lines changed: 0 additions & 3 deletions b/‎guides/common/modules/snip_firewalld.adoc‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎guides/common/modules/snip_verify-firewall-settings.adoc‎
Lines changed: 0 additions & 11 deletions b/‎guides/common/modules/snip_verify-firewall-settings.adoc‎
Lines changed: 0 additions & 11 deletions
@@ -20,7 +20,7 @@ include::modules/ref_best-practices-for-optimizing-storage.adoc[leveloffset=+1]
 endif::[]
 
 // Enabling Connections from {ProjectServer} and Clients to a {SmartProxyServer}
-include::modules/proc_enabling-connections-to-capsule.adoc[leveloffset=+1]
+include::modules/proc_opening-required-ports.adoc[leveloffset=+1]
 
 ifdef::parent-context[:context: {parent-context}]
 ifndef::parent-context[:!context:]
@@ -2,7 +2,7 @@
 
 include::modules/con_preparing-environment-for-project-server-installation.adoc[]
 
-include::modules/proc_enabling-client-connections-to-project-server.adoc[leveloffset=+1]
+include::modules/proc_opening-required-ports.adoc[leveloffset=+1]
 
 include::modules/proc_verifying-dns-resolution.adoc[leveloffset=+1]
 
 
@@ -14,7 +14,7 @@ endif::[]
 * {SmartProxyServer} packages are installed.
 For more information, see xref:installing-{smart-proxy-context}-server-packages[].
 * The required ports are open.
-For more information, see xref:common/modules/proc_enabling-connections-to-capsule.adoc#enabling-connections-to-capsule_{context}[].
+For more information, see xref:common/modules/proc_opening-required-ports.adoc#opening-required-ports[].
 
 .Procedure
 
 
@@ -15,7 +15,7 @@ For more information, see xref:Registering_Proxy_to_Server_{smart-proxy-context}
 * {SmartProxyServer} packages are installed.
 For more information, see xref:installing-{smart-proxy-context}-server-packages[].
 * The required ports are open.
-For more information, see xref:common/modules/proc_enabling-connections-to-capsule.adoc#enabling-connections-to-capsule_{context}[].
+For more information, see xref:common/modules/proc_opening-required-ports.adoc#opening-required-ports[].
 
 .Procedure
 . On your {ProjectServer}, generate a certificate bundle:
 
@@ -0,0 +1,83 @@
+:_mod-docs-content-type: PROCEDURE
+
+[id="opening-required-ports"]
+= Opening required ports
+
+For the components of {Project} architecture to communicate, ensure that the required network ports are open and free on the base operating system.
+You must also ensure that the required network ports are open on any network-based firewalls.
+
+[NOTE]
+====
+Some cloud solutions must be specifically configured to allow communications between machines because they isolate machines similarly to network-based firewalls.
+If you use an application-based firewall, ensure that the application-based firewall permits all applications that are listed in the tables and known to your firewall.
+If possible, disable the application checking and allow open port communication based on the protocol.
+====
+
+ifndef::satellite,orcharhino[]
+If you do not use `firewall-cmd` to configure the Linux firewall, implement using the command of your choice.
+endif::[]
+
+.Procedure
+. Optional: If you need to prevent the DHCP {SmartProxy} from pinging hosts to check for available IP addresses, disable DHCP IP address pinging:
++
+[options="nowrap", subs="+quotes,attributes"]
+----
+# {foreman-installer} --foreman-proxy-dhcp-ping-free-ip false
+----
++
+By default, a DHCP {SmartProxy} performs ICMP ping and TCP echo connection attempts to hosts in subnets with DHCP IPAM set to find out if an IP address considered for use is free.
+ifdef::katello,satellite,orcharhino[]
+ifeval::["{context}" == "{project-context}"]
+. Open the ports for clients on {ProjectServer}:
+endif::[]
+ifeval::["{context}" == "{smart-proxy-context}"]
+. Open the ports for clients on {SmartProxyServer}:
+endif::[]
++
+[options="nowrap"]
+----
+# firewall-cmd \
+--add-port="8000/tcp" \
+--add-port="9090/tcp"
+----
+endif::[]
+ifeval::["{context}" == "{project-context}"]
+. Allow access to services on {ProjectServer}:
+endif::[]
+ifeval::["{context}" == "{smart-proxy-context}"]
+. Allow access to services on {SmartProxyServer}:
+endif::[]
++
+[options="nowrap"]
+----
+# firewall-cmd \
+--add-service=dns \
+--add-service=dhcp \
+--add-service=tftp \
+--add-service=http \
+--add-service=https \
+ifndef::katello,satellite,orcharhino[]
+--add-service=foreman-proxy \
+endif::[]
+--add-service=puppetmaster
+----
+. Make the changes persistent:
++
+[options="nowrap", subs="+quotes,verbatim,attributes"]
+----
+# firewall-cmd --runtime-to-permanent
+----
+
+.Verification
+* Enter the following command:
++
+[options="nowrap"]
+----
+# firewall-cmd --list-all
+----
+
+.Additional resources
+* {PlanningDocURL}networking-in-a-{project-context}-deployment[Networking in a {Project} deployment]
+ifndef::foreman-deb[]
+* https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/configuring_firewalls_and_packet_filters/using-and-configuring-firewalld_firewall-packet-filters/9/html/configuring_firewalls_and_packet_filters/using-and-configuring-firewalld_firewall-packet-filters[Using and configuring firewalld in _{RHEL}{nbsp}9 Configuring firewalls and packet filters_]
+endif::[]
@@ -18,5 +18,10 @@ For more information on manifests and repositories, see {ContentManagementDocURL
 ** Ensure HTTPS connection using client certificate authentication is possible between {SmartProxyServer} and {ProjectServer}.
 HTTP proxies between {SmartProxyServer} and {ProjectServer} are not supported.
 ** You must configure the host and network-based firewalls accordingly.
-For more information, see xref:common/modules/proc_enabling-connections-to-capsule.adoc#enabling-connections-to-capsule_{context}[].
+ifeval::["{context}" == "load-balancing"]
+For more information, see {InstallingSmartProxyDocURL}opening-required-ports[Opening required ports in _{InstallingSmartProxyDocTitle}_].
+endif::[]
+ifeval::["{context}" == "installing-capsule-server"]
+For more information, see xref:common/modules/proc_opening-required-ports.adoc#opening-required-ports[].
+endif::[]
 include::snip_host-registration-steps.adoc[]