The table below specifies the ports and connectivity requirements for deploying the SphereShield Cloud Conditional Access solution
See diagram here: Topology
The requirement in general are:
All SphereShield components need to be able to communicate with the database
The Bastion server needs to be accessible externally by the service.
e.g. ADFS uses port 443
You can also advise the following table
Component | Port | Type | Source | Target | Purpose | Remark |
|---|---|---|---|---|---|---|
CAF filter | 1433 | TCP | Bastion |
Database | Allowing the CAF filter to load the configuration and certificate analysis details | |||
External access for bastion listening ports | 443 | TCP | * | Bastion |
*
Allowing external clients to be filterd by the CAF
Configured during the initial configuration of the Bastion based on the particular integration requirement
(common application such as ADFS will require 443)Permit ADFS access only to managed devices with client certificates | For Client Certificate authentication to work there must not be any SSL termination between the client device and Bastion. | |||||
Admin Portal | 1433 | TCP | Admin Portal | Database | Allowing to configure the certificate analysis details and MDM integration | |
Admin Portal | MDM API port | TCP | Admin Portal | MDM API | To allow integration with the API and pull managed device information | Required only in case of implementing MDM device auditing |