Restricted access to Moxi ports
Make sure that all the ports that Moxi uses are accessible only by trusted machines (including the other nodes in the cluster).
Restricted access to web console (port 8091)
The web console is password protected. However, it is recommended that you restrict access to port 8091, as a abuser could do potentially harmful operations (like remove a node) from the web console.
Node to Node communication on ports
All nodes in the cluster should be able to communicate with each other on 11210 and 8091.
Swap should be configured on the couchbase server, to avoid the operating system killing couchbase server if the system RAM is exhausted. Having swap provides more options on how to manage such a situation.
Idle connection timeouts
Some firewall or proxy software will drop TCP connections which are idle for a certain amount of time (e.g., 20 minutes). If the software does not allow changing that timeout, send a command from the client periodically to keep the connection alive.
Port Exhaustion on Windows
The TCP/IP port allocation on Windows by default includes a restricted number of ports available for client communication. For more information on this issue, including information on how to adjust the configuration and increase the available ports, see MSDN: Avoiding TCP/IP Port Exhaustion.