Firewall rules
  • 2 minutes to read
  • Dark
    Light
  • PDF

Firewall rules

  • Dark
    Light
  • PDF

Article Summary

To ensure the correct operation of senhasegura, specific firewall rules need to be configured. In this article, you will find the necessary firewall rules along with corresponding source and destination ports.

Important

In clustered environments, it’s also necessary to configure firewall rules for the Primary application on secondary members.

Info

We use the following abbreviations in the tables in this article:

  • PRD: Primary application.
  • MBR: secondary members of a cluster.
  • USERW: user workstation.
  • DVC: devices registered in senhasegura.

Firewall rules

Communication between senhasegura and management systems

PermissionProtocolSourceSource PortDestinationDestination Port
ALLOWUDPPRDANYNTP SERVER123/NTP
ALLOWUDPPRDANYDNS SERVER53/DNS
ALLOWTCPPRDANYMAIL SERVER420/SMTP
ALLOWTCPPRDANYLDAP SERVER389/LDAP
ALLOWTCPPRDANYLDAP SERVER636/LDAPS
ALLOWUDPPRDANYRADIUS SERVER1812/RADIUS
ALLOWTCPPRDANYTACACS SERVER49/TACACS
ALLOWUDPPRDANYTACACS SERVER49/TACACS
ALLOWTCPPRDANYLOG SERVER514/SYSLOG
ALLOWUDPPRDANYLOG SERVER6514/SYSLOG
ALLOWTCPPRDANYBACKUP SERVER22/SSH
ALLOWTCPPRDANYBACKUP SERVER2049/NFS
ALLOWTCPPRDANYBACKUP SERVER5445/SMB

Communication between management systems and senhasegura

PermissionProtocolSourceSource PortDestinationDestination Port
ALLOWTCPBACKUP SERVERANYPRD22/SSH
ALLOWTCPBACKUP SERVERANYPRD2049/NFS
ALLOWTCPBACKUP SERVERANYPRD445/SMB

Communication between users and senhasegura

PermissionProtocolSourceSource PortDestinationDestination Port
ALLOWTCPUSERWANYPRD443/HTTPS
ALLOWTCPUSERWANYPRD80/HTTP
ALLOWTCPUSERWANYPRD22/SSH
ALLOWTCPUSERWANYPRD3389/RDP

Communication between senhasegura and managed devices

PermissionProtocolSourceSource PortDestinationDestination Port
ALLOWTCPPRDANYDVC22/SSH
ALLOWTCPPRDANYDVC23/TELNET
ALLOWTCPPRDANYDVC7443/ORACLE
ALLOWTCPPRDANYDVC1433/MS-SQL
ALLOWTCPPRDANYDVC5432/POSTGRES
ALLOWTCPPRDANYDVC3306/MySQL
ALLOWTCPPRDANYDVC3389/RDP
ALLOWTCPPRDANYDVC135/RPC
ALLOWTCPPRDANYDVC139/RM
ALLOWTCPPRDANYDVC445/SMB
ALLOWTCPPRDANYDVC80/HTTP
ALLOWTCPPRDANYDVC443/HTTPS

Communication between instances of senhasegura (if applicable)

PermissionProtocolSourceSource PortDestinationDestination Port
ALLOWTCPPRDANYMBR22/SSH
ALLOWTCPPRDANYMBR3306/MySQL
ALLOWTCPPRDANYMBR9300/VRACE
ALLOWTCPPRDANYMBR4567/TRAM
ALLOWTCPPRDANYMBR4568/BMC
ALLOWTCPPRDANYMBR4444/METASPLOIT
ALLOWUDPPRDANYMBR4567/TRAM
ALLOWTCPPRDANYMBR80/HTTP
ALLOWTCPPRDANYMBR443/HTTPS
ALLOWTCPMBRANYPRD22/SSH
ALLOWTCPMBRANYPRD3306/MySQL
ALLOWTCPMBRANYPRD9300/VRACE
ALLOWTCPMBRANYPRD4567/TRAM
ALLOWTCPMBRANYPRD4568/BMC
ALLOWTCPMBRANYPRD4444/METASPLOIT
ALLOWUDPMBRANYPRD4567/TRAM
ALLOWTCPMBRANYPRD80/HTTP
ALLOWTCPMBRANYPRD443/HTTPS

Was this article helpful?