The table below specifies the ports and connectivity requirements for deploying the SphereShield Cloud Conditional Access solution.
See diagram here: Topology
In general, the requirements are:
- All SphereShield components need to be able to communicate with the database.
- The Bastion server needs to be accessible externally by the service (e.g. ADFS uses port 443).

You can also consult the following table:
Component | Port | Scope | Type | Source | Target | Purpose | Remark |
---|---|---|---|---|---|---|---|
CAF filter | 1433 | Internal | TCP | Bastion server | Database | Allowing the CAF filter to load the configuration and certificate analysis details | |
External access for Bastion listening ports | 443 | External | TCP | Bastion | * | Allowing external clients to be filtered by the CAF | Configured during the initial configuration of the Bastion based on the particular integration requirement (common applications such as ADFS will require 443) |
Admin Portal | 1433 | Internal | TCP | Admin Portal | Database | Allows configuring the certificate analysis details and MDM integration | |
Admin Portal | MDM API port | Internal | TCP | Admin Portal | API | To allow integration with the API and pull managed device information | Required only in case of implementing MDM device auditing |
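
One way to check a firewall rule set against this table, as an added example that is not part of the SphereShield documentation. The component names stand in for host groups, the sample rules are constructed, the 443 listener is modelled as inbound to the Bastion, and the MDM API row is left out because the page gives no port number for it.

```python
from typing import NamedTuple


class Flow(NamedTuple):
    source: str  # component name, or "*" for any external client
    target: str
    port: int    # TCP


# Flows required by the table above. 443 is the page's ADFS example; the
# actual listener port is chosen during the Bastion's initial configuration.
REQUIRED = {
    Flow("Bastion", "Database", 1433),
    Flow("Admin Portal", "Database", 1433),
    Flow("*", "Bastion", 443),
}


def covers(rule: Flow, need: Flow) -> bool:
    """True if an allow rule permits the required flow (a "*" source permits any)."""
    same_dest = (rule.target, rule.port) == (need.target, need.port)
    return same_dest and rule.source in (need.source, "*")


def audit(rules):
    """Return (required flows no rule permits, rules that are not in the table)."""
    rules = set(rules)
    missing = sorted(n for n in REQUIRED if not any(covers(r, n) for r in rules))
    excess = sorted(rules - REQUIRED)  # includes over-broad wildcard rules
    return missing, excess


# Constructed sample rule set (assumption, not taken from the page).
SAMPLE_RULES = [
    Flow("*", "Bastion", 443),
    Flow("Bastion", "Database", 1433),
    Flow("*", "Database", 1433),  # database port open to any source
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    for flow in missing:
        print("MISSING:", flow)
    for flow in excess:
        print("NOT IN TABLE:", flow)
```

The wildcard rule satisfies the Admin Portal requirement, so nothing is reported missing, but it is flagged because the table scopes port 1433 to internal sources only.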