Firewall requirements
This document lists the firewall rules required to run senhasegura, as well as the ports used with each senhasegura instance.
Source or destination names used in the tables:
- SSAPLPRD: senhasegura's Appliance in Production
- SSAPLMBR: senhasegura's Secondary Members
Communication between senhasegura and management systems
Permission | Protocol | Source | Source Port | Destination | Destination Port |
---|---|---|---|---|---|
ALLOW | UDP | SSAPLPRD | ANY | NTP server | 123 |
ALLOW | UDP | SSAPLPRD | ANY | DNS server | 53 |
ALLOW | TCP | SSAPLPRD | ANY | MAIL server | SMTP |
ALLOW | TCP | SSAPLPRD | ANY | LDAP server | LDAP |
ALLOW | TCP | SSAPLPRD | ANY | LDAP server | LDAPS |
ALLOW | UDP | SSAPLPRD | ANY | RADIUS server | RADIUS |
ALLOW | TCP | SSAPLPRD | ANY | TACACS server | TACACS |
ALLOW | UDP | SSAPLPRD | ANY | TACACS server | TACACS |
ALLOW | TCP | SSAPLPRD | ANY | LOG server | SYSLOG |
ALLOW | UDP | SSAPLPRD | ANY | LOG server | SYSLOG |
ALLOW | TCP | SSAPLPRD | ANY | BACKUP server | SSH |
ALLOW | TCP | SSAPLPRD | ANY | BACKUP server | NFS |
ALLOW | TCP | SSAPLPRD | ANY | BACKUP server | SMB |
Communication between management systems and senhasegura
Permission | Protocol | Source | Source Port | Destination | Destination Port |
---|---|---|---|---|---|
ALLOW | TCP | BACKUP server | ANY | SSAPLPRD | SSH |
ALLOW | TCP | BACKUP server | ANY | SSAPLPRD | NFS |
ALLOW | TCP | BACKUP server | ANY | SSAPLPRD | SMB |
Communication between users and senhasegura
Permission | Protocol | Source | Source Port | Destination | Destination Port |
---|---|---|---|---|---|
ALLOW | TCP | it_users | ANY | SSAPLPRD | HTTPS |
ALLOW | TCP | it_users | ANY | SSAPLPRD | HTTP |
ALLOW | TCP | it_users | ANY | SSAPLPRD | SSH |
ALLOW | TCP | it_users | ANY | SSAPLPRD | RDP |
Communication between senhasegura and managed devices
Permission | Protocol | Source | Source Port | Destination | Destination Port |
---|---|---|---|---|---|
ALLOW | TCP | SSAPLPRD | ANY | target_device | SSH |
ALLOW | TCP | SSAPLPRD | ANY | target_device | TELNET |
ALLOW | TCP | SSAPLPRD | ANY | target_device | ORACLE |
ALLOW | TCP | SSAPLPRD | ANY | target_device | MS-SQL |
ALLOW | TCP | SSAPLPRD | ANY | target_device | POSTGRE |
ALLOW | TCP | SSAPLPRD | ANY | target_device | MySQL |
ALLOW | TCP | SSAPLPRD | ANY | target_device | RDP |
ALLOW | TCP | SSAPLPRD | ANY | target_device | RPC |
ALLOW | TCP | SSAPLPRD | ANY | target_device | RM |
ALLOW | TCP | SSAPLPRD | ANY | target_device | SMB |
ALLOW | TCP | SSAPLPRD | ANY | target_device | HTTP |
ALLOW | TCP | SSAPLPRD | ANY | target_device | HTTPS |
Communication between senhasegura instances, if applicable
Permission | Protocol | Source | Source Port | Destination | Destination Port |
---|---|---|---|---|---|
ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | SSH |
ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | MySQL |
ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | 9300 |
ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | 4567 |
ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | 4568 |
ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | 4444 |
ALLOW | UDP | SSAPLPRD | ANY | SSAPLMBR | 4567 |
ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | HTTP |
ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | HTTPS |
ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | SSH |
ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | MySQL |
ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | 9300 |
ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | 4567 |
ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | 4568 |
ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | 4444 |
ALLOW | UDP | SSAPLMBR | ANY | SSAPLPRD | 4567 |
ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | HTTP |
ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | HTTPS |