Firewall requirements

This document lists the firewall rules required to run senhasegura, as well as the ports used with each senhasegura instance.

Source or Destination Ports:

  • SSAPLPRD: senhasegura's Appliance in Production
  • SSAPLMBR: senhasegura's Secondary Members

Communication between senhasegura and management systems

Permission  Protocol  Source    Source Port  Destination    Destination Port
ALLOW       UDP       SSAPLPRD  ANY          NTP server     123
ALLOW       UDP       SSAPLPRD  ANY          DNS server     53
ALLOW       TCP       SSAPLPRD  ANY          MAIL server    SMTP
ALLOW       TCP       SSAPLPRD  ANY          LDAP server    LDAP
ALLOW       TCP       SSAPLPRD  ANY          LDAP server    LDAPS
ALLOW       UDP       SSAPLPRD  ANY          RADIUS server  RADIUS
ALLOW       TCP       SSAPLPRD  ANY          TACACS server  TACACS
ALLOW       UDP       SSAPLPRD  ANY          TACACS server  TACACS
ALLOW       TCP       SSAPLPRD  ANY          LOG server     SYSLOG
ALLOW       UDP       SSAPLPRD  ANY          LOG server     SYSLOG
ALLOW       TCP       SSAPLPRD  ANY          BACKUP server  SSH
ALLOW       TCP       SSAPLPRD  ANY          BACKUP server  NFS
ALLOW       TCP       SSAPLPRD  ANY          BACKUP server  SMB

Communication between management systems and senhasegura

Permission  Protocol  Source         Source Port  Destination  Destination Port
ALLOW       TCP       BACKUP server  ANY          SSAPLPRD     SSH
ALLOW       TCP       BACKUP server  ANY          SSAPLPRD     NFS
ALLOW       TCP       BACKUP server  ANY          SSAPLPRD     SMB

Communication between users and senhasegura

Permission  Protocol  Source    Source Port  Destination  Destination Port
ALLOW       TCP       it_users  ANY          SSAPLPRD     HTTPS
ALLOW       TCP       it_users  ANY          SSAPLPRD     HTTP
ALLOW       TCP       it_users  ANY          SSAPLPRD     SSH
ALLOW       TCP       it_users  ANY          SSAPLPRD     RDP

Communication between senhasegura and managed devices

Permission  Protocol  Source    Source Port  Destination    Destination Port
ALLOW       TCP       SSAPLPRD  ANY          target_device  SSH
ALLOW       TCP       SSAPLPRD  ANY          target_device  TELNET
ALLOW       TCP       SSAPLPRD  ANY          target_device  ORACLE
ALLOW       TCP       SSAPLPRD  ANY          target_device  MS-SQL
ALLOW       TCP       SSAPLPRD  ANY          target_device  POSTGRE
ALLOW       TCP       SSAPLPRD  ANY          target_device  MySQL
ALLOW       TCP       SSAPLPRD  ANY          target_device  RDP
ALLOW       TCP       SSAPLPRD  ANY          target_device  RPC
ALLOW       TCP       SSAPLPRD  ANY          target_device  RM
ALLOW       TCP       SSAPLPRD  ANY          target_device  SMB
ALLOW       TCP       SSAPLPRD  ANY          target_device  HTTP
ALLOW       TCP       SSAPLPRD  ANY          target_device  HTTPS

Communication between senhasegura instances, if applicable

Permission  Protocol  Source    Source Port  Destination  Destination Port
ALLOW       TCP       SSAPLPRD  ANY          SSAPLMBR     SSH
ALLOW       TCP       SSAPLPRD  ANY          SSAPLMBR     MySQL
ALLOW       TCP       SSAPLPRD  ANY          SSAPLMBR     9300
ALLOW       TCP       SSAPLPRD  ANY          SSAPLMBR     4567
ALLOW       TCP       SSAPLPRD  ANY          SSAPLMBR     4568
ALLOW       TCP       SSAPLPRD  ANY          SSAPLMBR     4444
ALLOW       UDP       SSAPLPRD  ANY          SSAPLMBR     4567
ALLOW       TCP       SSAPLPRD  ANY          SSAPLMBR     HTTP
ALLOW       TCP       SSAPLPRD  ANY          SSAPLMBR     HTTPS
ALLOW       TCP       SSAPLMBR  ANY          SSAPLPRD     SSH
ALLOW       TCP       SSAPLMBR  ANY          SSAPLPRD     MySQL
ALLOW       TCP       SSAPLMBR  ANY          SSAPLPRD     9300
ALLOW       TCP       SSAPLMBR  ANY          SSAPLPRD     4567
ALLOW       TCP       SSAPLMBR  ANY          SSAPLPRD     4568
ALLOW       TCP       SSAPLMBR  ANY          SSAPLPRD     4444
ALLOW       UDP       SSAPLMBR  ANY          SSAPLPRD     4567
ALLOW       TCP       SSAPLMBR  ANY          SSAPLPRD     HTTP
ALLOW       TCP       SSAPLMBR  ANY          SSAPLPRD     HTTPS
