Which Firewall Ports Should Be Opened for SphereShield for Teams/Zoom?
The following ports should be opened:
| Component | Source IP | Destination IP | Destination Port | protocol | Reason | remarks |
|---|---|---|---|---|---|---|
Bastion - Reverse Proxy Server | Any | Bastion Server | 443 | HTTPS | Reverse Proxy listening port | Sphereshield for SFB |
| Bastion -Forward Proxy Server | Teams Clients | Bastion Server | 80* | http | Forward Proxy listening port | Sphereshield for Teams Proxy |
| Bastion - Proxy Server | Bastion's | SQL server | 1433 | TCP | To allow the Bastion's filters to pull configurations which will determine the behavior of the filters | Sphereshield for Teams Proxy |
| Access Portal | Access Portal's | SQL server | 1433 | TCP | To allow the Access Portal website access to the SQL DB where it is used to modify settings and preferences | Sphereshield for Teams Proxy Sphereshield for Teams API |
| CASB Adapter | CASB Adapter's | SQL server | 1433 | TCP | To allow the CASB Adapter to get users and groups.. | Sphereshield for Teams API |
| Bastion, CASB Adapter, and Admin Portal | Bastion, CASB Adapter, and Admin Portal | 443 | Communication Between Proxy and Team servers | Skype for Business Online and Microsoft Teams (TCP) | ||
| Admins and Bastion | Admin Portal | 443 | Management Console and API | |||
| Webhook Listener | Webhook Listener server | SQL server | 1433 | TCP | Insert messages in DB | Sphereshield for Teams API |
| Webhook Listener | Microsoft IP's | Webhook Listener server | 443 | Get Webhook notifications from Microsoft | Sphereshield for Teams API | |
| Clients PC's | Client's | *.agatcloud.com | 443 | HTTPS | To get static scripts for clients | Sphereshield for Teams Proxy |
| Microsoft Graph | Please refer to: Which URL's Should Be Opened for SphereShield when using Microsoft Graph for MS Teams | Sphereshield for Teams API | ||||
*Or the port that you use for proxy listening
Firewall requirements for implementing eDiscovery using API
Note:
eDiscovery via API doesn't require real-time responsiveness. Hence the product does not need webhooks or the listener site. Rather, it uses a polling method whereby our adapter process calls Microsoft's Graph API. This involves HTTPS traffic from the internal network to Microsoft's network.