The tables below specify the ports and connectivity requirements for deploying the SphereShield cloud conditional access solution.
See diagram here: Topology
The requirements in general are:
- All SphereShield components need to be able to communicate with the database.
- The Bastion server needs to be able to access the Admin Portal API port set in IIS.
- The Bastion server needs to be accessible externally by the protected service, e.g. ADFS uses port 443.
You can also consult the following tables.
Component | Requirements | Type | Details | Default port |
---|---|---|---|---|
Bastion server/CAF | Database | Internal | Communication with the Microsoft SQL Server | 1433 |
Bastion server/CAF | Access Portal | Internal | Set during installation or can be customized afterwards in the IIS bindings. | 80/443 |
Bastion server/CAF | External access for Bastion listening ports | External | Configured during the initial configuration based on the particular integration requirement (commonly 443) | 443 (depends on the service to be protected) |
Bastion server/CAF | Site port binding | Internal | Set during installation or can be customized afterwards in the IIS bindings. | |
Admin Portal | Database | Internal | Communication with the Microsoft SQL Server | 1433 |

Component | Port | Type | Source | Target | Purpose | Remark |
---|---|---|---|---|---|---|
CAF filter | 1433 | TCP | Bastion | Database | Allows the CAF filter to load the configuration and certificate analysis details | |
External access for Bastion listening ports | 443 | TCP | * | Bastion | Permit ADFS access only to managed devices with client certificates | For client certificate authentication to work there must not be any SSL termination between the client device and Bastion. |
Admin Portal | 1433 | TCP | Admin Portal | Database | Allows configuring the certificate analysis details and MDM integration | |
Admin Portal | MDM API port | TCP | Admin Portal | MDM API | Allows integration with the API and pulling managed device information | Required only when implementing MDM device auditing |
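The following PowerShell script is an added example, not part of the SphereShield documentation: run it on the Bastion and Admin Portal hosts to confirm the outbound and listening ports in the tables above. The hostnames, the Admin Portal API port and the MDM API port are assumed placeholders to be replaced with the deployment's own values.

```powershell
# Added example (not SphereShield's own code): verify the connectivity matrix from each host.
# Hostnames and the Admin Portal API / MDM API ports below are assumed placeholders.
param([ValidateSet('Bastion','AdminPortal')][string]$Role = 'Bastion')

$SqlServer    = 'sql.example.internal'          # Microsoft SQL Server host (placeholder)
$AdminPortal  = 'adminportal.example.internal'  # Admin Portal host (placeholder)
$MdmApi       = 'mdm.example.com'               # MDM vendor API host (placeholder)
$AdminApiPort = 443                             # port bound to the Admin Portal site in IIS
$MdmApiPort   = 443                             # port the MDM API listens on (assumed)

# Outbound checks per role, mirroring the Source / Target / Port columns of the table.
$outbound = @{
  Bastion = @(
    @{ Target = $SqlServer;   Port = 1433;          Purpose = 'CAF filter loads configuration and certificate analysis details' }
    @{ Target = $AdminPortal; Port = $AdminApiPort; Purpose = 'Bastion reaches the Admin Portal API' }
  )
  AdminPortal = @(
    @{ Target = $SqlServer; Port = 1433;        Purpose = 'Admin Portal configures analysis details and MDM integration' }
    @{ Target = $MdmApi;    Port = $MdmApiPort; Purpose = 'MDM API access (only when MDM device auditing is enabled)' }
  )
}

$failures = 0
foreach ($row in $outbound[$Role]) {
  # TcpTestSucceeded is true only if the TCP handshake completed to that host and port.
  $ok = (Test-NetConnection -ComputerName $row.Target -Port $row.Port -WarningAction SilentlyContinue).TcpTestSucceeded
  '{0,-6} {1}:{2,-5} {3}' -f ($(if ($ok) { 'OK' } else { 'FAIL' }), $row.Target, $row.Port, $row.Purpose)
  if (-not $ok) { $failures++ }
}

# Bastion must be reachable externally on the protected service's port (443 for ADFS):
# confirm the IIS site binding actually produced a listener. SSL termination in front of
# Bastion cannot be detected from the host itself; check it on the load balancer / proxy.
if ($Role -eq 'Bastion') {
  $listening = Get-NetTCPConnection -State Listen -LocalPort 443 -ErrorAction SilentlyContinue
  if ($listening) { 'OK     :443 listener present for external client-certificate access' }
  else { 'FAIL   :443 no listener; check the IIS site port binding'; $failures++ }
}

# Non-zero exit code = number of failed checks, convenient for pre-go-live scripting.
exit $failures
```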