The following ports should be opened:
| Component | Source IP | Destination IP | Destination Port | protocol | Reason | remarks |
|---|---|---|---|---|---|---|
Bastion - Reverse Proxy Server | Any | Bastion Server | 443 | HTTPS | Reverse Proxy listening port | Sphereshield for SFB |
| Bastion -Forward Proxy Server | Teams Clients | Bastion Server | 80* | http | Forward Proxy listening port | Sphereshield for Teams |
| Bastion - Proxy Server | Bastion's | SQL server | 1433 | TCP | To allow the Bastion's filters to pull configurations which will determine the behavior of the filters | |
| Access Portal | Access Portal's | SQL server | 1433 | TCP | To allow the Access Portal website access to the SQL DB where it is used to modify settings and preferences | |
| CASB Adapter | CASB Adapter's | SQL server | 1433 | TCP | To allow the CASB Adapter to get users and groups.. | |
| Bastion, CASB Adapter, and Admin Portal | Bastion, CASB Adapter, and Admin Portal | 443 | Communication Between Proxy and Team servers | Skype for Business Online and Microsoft Teams (TCP) | ||
| Admins and Bastion | Admin Portal | 443 | Management Console and API | |||
| Webhook Listener | Webhook Listener server | SQL server | 1433 | TCP | Insert messages in DB | |
| Webhook Listener | Microsoft IP's | Webhook Listener server | 443 | Get Webhook notifications from Microsoft | ||
| Clients PC's | Client's | *.agatcloud.com | 443 | HTTPS | To get static scripts for clients | |
| Microsoft Graph | Please refer to: Which URL's Should Be Opened for SphereShield when using Microsoft Graph for MS Teams | |||||
...
Firewall requirements for implementing eDiscovery using API
Note:
When implementing API for eDiscovery, there is no importance for real-time activity, and therefore, eDiscovery via API doesn't require real-time responsiveness. Hence the product does not need webhooks and not or the listener site. The only network traffic needed is calling graph API from the adapter Rather, it uses a polling method whereby our adapter process calls Microsoft's Graph API. This involves HTTPS traffic from the internal network to Microsoft's network.