Deployment Prerequisites

External Network Access Requirements

NCP Web & Chat UI

Service	Host Port / Protocol	Purpose
NCP Web UI	443/tcp	Web GUI access
NCP Chat UI	9001/tcp	Chat API endpoint
Prompt Autocomplete	8004/tcp	Prompt autocomplete service

Flow & Log Ingest

Service	Host Port / Proto	Purpose
NetFlow Ingest	2055/udp	NetFlow ingestion from network devices
sFlow Ingest	6343/udp	sFlow ingestion from network devices
Flow Collector API / UI	8099/tcp	Flow collector HTTP endpoint
Syslog Ingest	514/udp	Syslog ingestion

NCP Backend Services

Service	Host Port / Proto	Purpose
NCP Redis	6379/tcp	Backend cache / message broker
NCP Kafka Broker	9092/tcp	Kafka client access
NCP Kafka Connect	8083/tcp	Kafka Connect REST API
NCP Chart MCP	1122/tcp	Chart MCP control port
NCP Chart MCP	10130/tcp	Chart MCP data port

NCP Internal Services

Service	Internal Ports
NCP Celery Beat	internal only
NCP Celery Worker	internal only
NCP DB Migrator	internal only
NCP File Connector	internal only
NCP Fortinet Collector	internal only
NCP Config Collector	8094/tcp
NCP Palo Alto Collector	internal only
NCP SNMP Collector	162/udp, 8093/tcp
NCP Streams Processor	8080/tcp
NCP Schema Registry	8081/tcp
NCP ksqlDB	internal only
NCP Zookeeper	2181/tcp, 2888/tcp, 3888/tcp
NCP LLM Service	8000/tcp
NCP Knowledge Base	8000/tcp
NCP PostgreSQL DB	5432/tcp
NCP Collector DB	5432/tcp, 8008/tcp, 8081/tcp

These port numbers must be available and allowed through the firewall if the NCP Controller and nodes are in different DMZs.

---

You can use the following command to verify the currently used ports:

sudo iptables -L

Node Configuration Requirements

• Network reachability from the NCP Controller

• SSH access must be enabled

• SNMP must be enabled on non-SONiC switches

Browser Requirements for NCP Web GUI Access

• Google Chrome version 107 or later

• Mozilla Firefox version 106 or later