Firewall rules

Article Summary

To ensure the correct operation of senhasegura, specific firewall rules need to be configured. In this article, you will find the necessary firewall rules along with corresponding source and destination ports.

Important

In clustered environments, it’s also necessary to configure firewall rules for the Primary application on secondary members.

Info

We use the following abbreviations in the tables in this article:

  • PRD: Primary application.
  • MBR: secondary members of a cluster.
  • USERW: user workstation.
  • DVC: devices registered in senhasegura.

Firewall rules

Important

Currently, senhasegura supports only two proxies: the APT proxy for system update packages, and the Fajita proxy. Using senhasegura through any other proxy is not supported.

Communication between senhasegura and management systems

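| Permission | Protocol | Source | Source Port | Destination | Destination Port |
|---|---|---|---|---|---|
| ALLOW | UDP | PRD | ANY | NTP SERVER | 123/NTP |
| ALLOW | UDP | PRD | ANY | DNS SERVER | 53/DNS |
| ALLOW | TCP | PRD | ANY | MAIL SERVER | 420/SMTP |
| ALLOW | TCP | PRD | ANY | LDAP SERVER | 389/LDAP |
| ALLOW | TCP | PRD | ANY | LDAP SERVER | 636/LDAPS |
| ALLOW | UDP | PRD | ANY | RADIUS SERVER | 1812/RADIUS |
| ALLOW | TCP | PRD | ANY | TACACS SERVER | 49/TACACS |
| ALLOW | UDP | PRD | ANY | TACACS SERVER | 49/TACACS |
| ALLOW | TCP | PRD | ANY | LOG SERVER | 514/SYSLOG |
| ALLOW | UDP | PRD | ANY | LOG SERVER | 6514/SYSLOG |
| ALLOW | TCP | PRD | ANY | BACKUP SERVER | 22/SSH |
| ALLOW | TCP | PRD | ANY | BACKUP SERVER | 2049/NFS |
| ALLOW | TCP | PRD | ANY | BACKUP SERVER | 5445/SMB |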

Communication between management systems and senhasegura

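| Permission | Protocol | Source | Source Port | Destination | Destination Port |
|---|---|---|---|---|---|
| ALLOW | TCP | BACKUP SERVER | ANY | PRD | 22/SSH |
| ALLOW | TCP | BACKUP SERVER | ANY | PRD | 2049/NFS |
| ALLOW | TCP | BACKUP SERVER | ANY | PRD | 445/SMB |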

Communication between users and senhasegura

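| Permission | Protocol | Source | Source Port | Destination | Destination Port |
|---|---|---|---|---|---|
| ALLOW | TCP | USERW | ANY | PRD | 443/HTTPS |
| ALLOW | TCP | USERW | ANY | PRD | 80/HTTP |
| ALLOW | TCP | USERW | ANY | PRD | 22/SSH |
| ALLOW | TCP | USERW | ANY | PRD | 3389/RDP |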

Communication between senhasegura and managed devices

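| Permission | Protocol | Source | Source Port | Destination | Destination Port |
|---|---|---|---|---|---|
| ALLOW | TCP | PRD | ANY | DVC | 22/SSH |
| ALLOW | TCP | PRD | ANY | DVC | 23/TELNET |
| ALLOW | TCP | PRD | ANY | DVC | 7443/ORACLE |
| ALLOW | TCP | PRD | ANY | DVC | 1433/MS-SQL |
| ALLOW | TCP | PRD | ANY | DVC | 5432/POSTGRES |
| ALLOW | TCP | PRD | ANY | DVC | 3306/MySQL |
| ALLOW | TCP | PRD | ANY | DVC | 3389/RDP |
| ALLOW | TCP | PRD | ANY | DVC | 135/RPC |
| ALLOW | TCP | PRD | ANY | DVC | 139/RM |
| ALLOW | TCP | PRD | ANY | DVC | 445/SMB |
| ALLOW | TCP | PRD | ANY | DVC | 80/HTTP |
| ALLOW | TCP | PRD | ANY | DVC | 443/HTTPS |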

Communication between instances of senhasegura (if applicable)

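| Permission | Protocol | Source | Source Port | Destination | Destination Port |
|---|---|---|---|---|---|
| ALLOW | TCP | PRD | ANY | MBR | 22/SSH |
| ALLOW | TCP | PRD | ANY | MBR | 3306/MySQL |
| ALLOW | TCP | PRD | ANY | MBR | 9300/VRACE |
| ALLOW | TCP | PRD | ANY | MBR | 4567/TRAM |
| ALLOW | TCP | PRD | ANY | MBR | 4568/BMC |
| ALLOW | TCP | PRD | ANY | MBR | 4444/METASPLOIT |
| ALLOW | UDP | PRD | ANY | MBR | 4567/TRAM |
| ALLOW | TCP | PRD | ANY | MBR | 80/HTTP |
| ALLOW | TCP | PRD | ANY | MBR | 443/HTTPS |
| ALLOW | TCP | MBR | ANY | PRD | 22/SSH |
| ALLOW | TCP | MBR | ANY | PRD | 3306/MySQL |
| ALLOW | TCP | MBR | ANY | PRD | 9300/VRACE |
| ALLOW | TCP | MBR | ANY | PRD | 4567/TRAM |
| ALLOW | TCP | MBR | ANY | PRD | 4568/BMC |
| ALLOW | TCP | MBR | ANY | PRD | 4444/METASPLOIT |
| ALLOW | UDP | MBR | ANY | PRD | 4567/TRAM |
| ALLOW | TCP | MBR | ANY | PRD | 80/HTTP |
| ALLOW | TCP | MBR | ANY | PRD | 443/HTTPS |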
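
One way to check a firewall export against the tables above, as an added example that is not senhasegura's own tooling: it reports documented flows with no matching rule and configured rules the matrix does not justify, including rules whose source is wider than the role it should serve. The address plan, the export format, and the function names are assumptions, and `MATRIX` holds only a subset of the rows.

```python
import ipaddress

# Subset of rows from the user and cluster tables above, one row per line.
MATRIX = """\
ALLOW|TCP|USERW|ANY|PRD|443/HTTPS
ALLOW|TCP|USERW|ANY|PRD|3389/RDP
ALLOW|TCP|MBR|ANY|PRD|3306/MySQL
ALLOW|UDP|MBR|ANY|PRD|4567/TRAM
"""

# Assumed address plan (constructed): role abbreviation -> network.
ROLES = {
    "PRD": ipaddress.ip_network("10.0.0.10/32"),
    "MBR": ipaddress.ip_network("10.0.0.11/32"),
    "USERW": ipaddress.ip_network("10.20.0.0/16"),
}

def parse_matrix(text):
    """Return the set of documented (protocol, src role, dst role, port) flows."""
    flows = set()
    for line in text.splitlines():
        _perm, proto, src, _sport, dst, dport = line.split("|")
        flows.add((proto, src, dst, int(dport.split("/")[0])))
    return flows

def role_of(cidr):
    """Name the role whose network fully contains cidr; None if cidr is wider."""
    net = ipaddress.ip_network(cidr)
    return next((r for r, n in ROLES.items() if net.subnet_of(n)), None)

def audit(configured, documented):
    """Return (documented flows with no rule, rules the matrix does not justify)."""
    seen, unjustified = set(), []
    for proto, src, dst, port in configured:
        flow = (proto.upper(), role_of(src), role_of(dst), port)
        if flow in documented:
            seen.add(flow)
        else:
            unjustified.append((proto, src, dst, port))
    return sorted(documented - seen), unjustified

# Constructed firewall export: (protocol, source CIDR, destination CIDR, port).
CONFIGURED = [
    ("tcp", "10.20.5.0/24", "10.0.0.10/32", 443),  # narrower than USERW: fine
    ("tcp", "0.0.0.0/0", "10.0.0.10/32", 3389),    # wider than USERW: flagged
    ("tcp", "10.0.0.11/32", "10.0.0.10/32", 3306),
    ("tcp", "10.0.0.11/32", "10.0.0.10/32", 23),   # not in the MBR -> PRD rows
]

print(audit(CONFIGURED, parse_matrix(MATRIX)))
```

A rule reported as unjustified because its source maps to no role also leaves the documented flow in the first list, so one overly broad rule shows up on both sides of the report.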
