Firewall requirements
- 1 minute to read
- Print
- DarkLight
- PDF
Firewall requirements
- 1 minute to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
This document lists the firewall rules required to run senhasegura, as well as the ports used with each senhasegura instance.
Source or Destination Ports:
- SSAPLPRD: senhasegura's Appliance in Production
- SSAPLMBR: senhasegura's Secondary Members
Communication between senhasegura and management systems
| Permission | Protocol | Source | Source Port | Destination | Destination Port |
|---|---|---|---|---|---|
| ALLOW | UDP | SSAPLPRD | ANY | NTP server | 123 |
| ALLOW | UDP | SSAPLPRD | ANY | DNS server | 53 |
| ALLOW | TCP | SSAPLPRD | ANY | MAIL server | SMTP |
| ALLOW | TCP | SSAPLPRD | ANY | LDAP server | LDAP |
| ALLOW | TCP | SSAPLPRD | ANY | LDAP server | LDAPS |
| ALLOW | UDP | SSAPLPRD | ANY | RADIUS server | RADIUS |
| ALLOW | TCP | SSAPLPRD | ANY | TACACS server | TACACS |
| ALLOW | UDP | SSAPLPRD | ANY | TACACS server | TACACS |
| ALLOW | TCP | SSAPLPRD | ANY | LOG server | SYSLOG |
| ALLOW | UDP | SSAPLPRD | ANY | LOG server | SYSLOG |
| ALLOW | TCP | SSAPLPRD | ANY | BACKUP server | SSH |
| ALLOW | TCP | SSAPLPRD | ANY | BACKUP server | NFS |
| ALLOW | TCP | SSAPLPRD | ANY | BACKUP server | SMB |
Communication between management systems and senhasegura
| Permission | Protocol | Source | Source Port | Destination | Destination Port |
|---|---|---|---|---|---|
| ALLOW | TCP | BACKUP server | ANY | SSAPLPRD | SSH |
| ALLOW | TCP | BACKUP server | ANY | SSAPLPRD | NFS |
| ALLOW | TCP | BACKUP server | ANY | SSAPLPRD | SMB |
Communication between users and senhasegura
| Permission | Protocol | Source | Source Port | Destination | Destination Port |
|---|---|---|---|---|---|
| ALLOW | TCP | it_users | ANY | SSAPLPRD | HTTPS |
| ALLOW | TCP | it_users | ANY | SSAPLPRD | HTTP |
| ALLOW | TCP | it_users | ANY | SSAPLPRD | SSH |
| ALLOW | TCP | it_users | ANY | SSAPLPRD | RDP |
Communication between senhasegura and managed devices
| Permission | Protocol | Source | Source Port | Destination | Destination Port |
|---|---|---|---|---|---|
| ALLOW | TCP | SSAPLPRD | ANY | target_device | SSH |
| ALLOW | TCP | SSAPLPRD | ANY | target_device | TELNET |
| ALLOW | TCP | SSAPLPRD | ANY | target_device | ORACLE |
| ALLOW | TCP | SSAPLPRD | ANY | target_device | MS-SQL |
| ALLOW | TCP | SSAPLPRD | ANY | target_device | POSTGRE |
| ALLOW | TCP | SSAPLPRD | ANY | target_device | MySQL |
| ALLOW | TCP | SSAPLPRD | ANY | target_device | RDP |
| ALLOW | TCP | SSAPLPRD | ANY | target_device | RPC |
| ALLOW | TCP | SSAPLPRD | ANY | target_device | RM |
| ALLOW | TCP | SSAPLPRD | ANY | target_device | SMB |
| ALLOW | TCP | SSAPLPRD | ANY | target_device | HTTP |
| ALLOW | TCP | SSAPLPRD | ANY | target_device | HTTPS |
Communication between senhasegura instances, if applicable
| Permission | Protocol | Source | Source Port | Destination | Destination Port |
|---|---|---|---|---|---|
| ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | SSH |
| ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | MySQL |
| ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | 9300 |
| ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | 4567 |
| ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | 4568 |
| ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | 4444 |
| ALLOW | UDP | SSAPLPRD | ANY | SSAPLMBR | 4567 |
| ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | HTTP |
| ALLOW | TCP | SSAPLPRD | ANY | SSAPLMBR | HTTPS |
| ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | SSH |
| ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | MySQL |
| ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | 9300 |
| ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | 4567 |
| ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | 4568 |
| ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | 4444 |
| ALLOW | UDP | SSAPLMBR | ANY | SSAPLPRD | 4567 |
| ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | HTTP |
| ALLOW | TCP | SSAPLMBR | ANY | SSAPLPRD | HTTPS |
Was this article helpful?
