Firewall rules
  • 2 minutes to read
  • Dark
    Light
  • PDF

Firewall rules

  • Dark
    Light
  • PDF

Article summary

To ensure the correct operation of senhasegura, specific firewall rules need to be configured. In this article, you will find the necessary firewall rules along with corresponding source and destination ports.

Important

In clustered environments, it’s also necessary to configure firewall rules for the Primary application on secondary members.

Please validate that your instance can access the official senhasegura mirror servers using the following URLs:

  • https://deb.senhasegura.com/
  • https://security.senhasegura.com/

Info

We use the following abbreviations in the tables in this article:

  • PRD: Primary application.
  • MBR: secondary members of a cluster.
  • USERW: user workstation.
  • DVC: devices registered in senhasegura.

Firewall rules

Important

Currently, senhasegura doesn’t support the use of any other type of proxy other than the APT proxy for system update packages, and the Fajita proxy. Any other uses of senhasegura through some other proxy are not supported.

Communication between senhasegura and management systems

PermissionProtocolSourceSource PortDestinationDestination Port
ALLOWUDPPRDANYNTP SERVER123/NTP
ALLOWUDPPRDANYDNS SERVER53/DNS
ALLOWTCPPRDANYMAIL SERVER420/SMTP
ALLOWTCPPRDANYLDAP SERVER389/LDAP
ALLOWTCPPRDANYLDAP SERVER636/LDAPS
ALLOWUDPPRDANYRADIUS SERVER1812/RADIUS
ALLOWTCPPRDANYTACACS SERVER49/TACACS
ALLOWUDPPRDANYTACACS SERVER49/TACACS
ALLOWTCPPRDANYLOG SERVER514/SYSLOG
ALLOWUDPPRDANYLOG SERVER6514/SYSLOG
ALLOWTCPPRDANYBACKUP SERVER22/SSH
ALLOWTCPPRDANYBACKUP SERVER2049/NFS
ALLOWTCPPRDANYBACKUP SERVER5445/SMB

Communication between management systems and senhasegura

PermissionProtocolSourceSource PortDestinationDestination Port
ALLOWTCPBACKUP SERVERANYPRD22/SSH
ALLOWTCPBACKUP SERVERANYPRD2049/NFS
ALLOWTCPBACKUP SERVERANYPRD445/SMB

Communication between users and senhasegura

PermissionProtocolSourceSource PortDestinationDestination Port
ALLOWTCPUSERWANYPRD443/HTTPS
ALLOWTCPUSERWANYPRD80/HTTP
ALLOWTCPUSERWANYPRD22/SSH
ALLOWTCPUSERWANYPRD3389/RDP
ALLOWTCPUSERWANYPRD1433/MS-SQL
ALLOWTCPUSERWANYPRD5432/POSTGRES
ALLOWTCPUSERWANYPRD1521 or 2484*/OracleDB

*SSL/TLS Connection

Communication between senhasegura and managed devices

PermissionProtocolSourceSource PortDestinationDestination Port
ALLOWTCPPRDANYDVC22/SSH
ALLOWTCPPRDANYDVC23/TELNET
ALLOWTCPPRDANYDVC7443/ORACLE
ALLOWTCPPRDANYDVC1433/MS-SQL
ALLOWTCPPRDANYDVC5432/POSTGRES
ALLOWTCPPRDANYDVC3306/MySQL
ALLOWTCPPRDANYDVC3389/RDP
ALLOWTCPPRDANYDVC135/RPC
ALLOWTCPPRDANYDVC139/RM
ALLOWTCPPRDANYDVC445/SMB
ALLOWTCPPRDANYDVC80/HTTP
ALLOWTCPPRDANYDVC443/HTTPS
ALLOWTCPPRDANYPRD1521 or 2484*/OracleDB

*SSL/TLS Connection

Communication between instances of senhasegura (if applicable)

PermissionProtocolSourceSource PortDestinationDestination Port
ALLOWTCPPRDANYMBR22/SSH
ALLOWTCPPRDANYMBR3306/MySQL
ALLOWTCPPRDANYMBR9300/VRACE
ALLOWTCPPRDANYMBR4567/TRAM
ALLOWTCPPRDANYMBR4568/BMC
ALLOWTCPPRDANYMBR4444/SST do Galera Cluster
ALLOWUDPPRDANYMBR4567/TRAM
ALLOWTCPPRDANYMBR80/HTTP
ALLOWTCPPRDANYMBR443/HTTPS
ALLOWTCPPRDANYMBR4248/senhasegura Sync
ALLOWTCPPRDANYMBR59022/senhasegura SSH
ALLOWTCPMBRANYPRD22/SSH
ALLOWTCPMBRANYPRD3306/MySQL
ALLOWTCPMBRANYPRD9300/VRACE
ALLOWTCPMBRANYPRD4567/TRAM
ALLOWTCPMBRANYPRD4568/BMC
ALLOWTCPMBRANYPRD4444/SST do Galera Cluster
ALLOWUDPMBRANYPRD4567/TRAM
ALLOWTCPMBRANYPRD80/HTTP
ALLOWTCPMBRANYPRD443/HTTPS
ALLOWTCPMBRANYPRD4248/senhasegura Sync
ALLOWTCPMBRANYPRD59022/senhasegura SSH

Was this article helpful?