Firewall Requirements - v2023.04
Monofor products integrate with several kinds of systems, and these integrations require firewall access. The tables below describe the required access.
Internet Access
Source | Destination | Service/Port | Information |
---|---|---|---|
Monopam Server(s) | *.monosign.com *.monofor.com | TCP/443 | For Monopam images, updates, license check and configuration |
Monopam Server(s) | download.docker.com | TCP/443 | Docker required package installation |
Monopam Server(s) | Operating System repositories | TCP/80 TCP/443 | OS upgrades and some necessary packages |
Internal Access
Source | Destination | Service/Port | Information |
---|---|---|---|
Monopam Server(s) | Database Servers | TCP/1433 TCP-UDP/1434 TCP-UDP/49152–65535 TCP/5432 | *Microsoft SQL or PostgreSQL Server |
Monopam Server(s) | DNS Servers | UDP/53 | DNS Requests |
Monopam Server(s) | NTP Servers | UDP/123 | Time synchronization |
Monopam Server(s) | Active Directory Servers | TCP/389 TCP/636 | Integration for Active Directory Services |
Monopam Server(s) | Email/SMTP Servers | TCP/25 or TCP/587 | Email notification |
ANY | Monopam Server(s) | TCP/443 | User SSO operations and management access. |
Monopam Gateway Server(s) | Any Machine | TCP/22 and TCP/3389 | Monopam Gateway Access to other servers |
Monopam Server(s) Monopam Gateway Server(s) | Monopam Server(s) Monopam Gateway Server(s) | TCP/443 | Monopam to Monopam Gateway Server Communication |
Monopam Gateway Server(s) ANY Machine | ANY Machine Monopam Gateway Server(s) | TCP/4482-4491 | Monopam Agent Communication |
Monopam Gateway Server(s) | NFS Server | TCP/2049 | If NFS share is going to be used |
Monopam Gateway Server(s) | CIFS/SMB Server | UDP/137 UDP/138 TCP/139 TCP/445 | If CIFS/SMB share is going to be used |
*Microsoft SQL Server named instances are configured to use dynamic ports in the range 49152–65535. If a named instance is used for Monofor products, the dynamic ports must be open from the Monofor Servers to the Database Servers.
Internet to DMZ Access
Source | Destination | Service/Port | Information |
---|---|---|---|
ANY | Monopam DMZ Server(s) | TCP/443 | Account portal Public Access |
DMZ to Internal Access
Source | Destination | Service/Port | Information |
---|---|---|---|
Monopam DMZ Server(s) | Monopam Server(s) | TCP/443 | Monopam DMZ servers to Monopam Production Servers communication. |
Docker-Swarm for High Availability
Source | Destination | Service/Port | Information |
---|---|---|---|
Monopam Server(s) | Monopam Server(s) | TCP/2377 | Docker Swarm cluster management communication |
Monopam Server(s) | Monopam Server(s) | TCP/7946 UDP/7946 | Docker Swarm cluster nodes communication |
Monopam Server(s) | Monopam Server(s) | TCP/4789 | Docker Swarm cluster node overlay network traffic communication |
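
The Service/Port cells in the tables above pack several protocols, single ports and ranges into one field. As an added example (not Monofor code), the following Python parses that notation into per-protocol port rules and lists the rows a firewall reviewer may want to scope to specific hosts or a narrower port set. The function names and the `wide` threshold of 1024 ports are assumptions made for illustration.

```python
import re

# One entry: TCP/443, TCP-UDP/1434, TCP/4482-4491 or TCP-UDP/49152–65535 (en dash).
# The slash is optional so a mistyped entry is still picked up rather than dropped.
_ENTRY = re.compile(r"\b(TCP-UDP|TCP|UDP)/?(\d{1,5})(?:\s*[-\u2013]\s*(\d{1,5}))?", re.I)

# Sample input: rows from the Internal Access table, Information column shortened.
SAMPLE = """\
Source | Destination | Service/Port | Information |
---|---|---|---|
Monopam Server(s) | Database Servers | TCP/1433 TCP-UDP/1434 TCP-UDP/49152–65535 TCP/5432 | SQL |
Monopam Server(s) | Email/SMTP Servers | TCP/25 or TCP/587 | Email |
ANY | Monopam Server(s) | TCP/443 | SSO and management |
Monopam Gateway Server(s) | Any Machine | TCP/22 and TCP/3389 | Gateway access |
"""

def parse_ports(cell):
    """Return sorted (proto, first_port, last_port) tuples for one Service/Port cell."""
    rules = set()
    for proto, lo, hi in _ENTRY.findall(cell):
        first, last = int(lo), int(hi or lo)
        if not 0 < first <= last <= 65535:
            raise ValueError(f"bad port or range in {cell!r}")
        for p in proto.lower().split("-"):   # TCP-UDP opens both protocols
            rules.add((p, first, last))
    return sorted(rules)

def parse_rows(text):
    """Yield (source, destination, rules) per data row, skipping header and separator."""
    for line in text.splitlines():
        cols = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cols) < 3 or cols[0] == "Source" or set(cols[0]) <= {"-"}:
            continue
        yield cols[0], cols[1], parse_ports(cols[2])

def review_flags(text, wide=1024):
    """List rows to scope to real hosts or ports: ANY endpoints, wide port ranges."""
    flagged = []
    for src, dst, rules in parse_rows(text):
        reasons = []
        if re.search(r"\bany\b", f"{src} {dst}", re.I):
            reasons.append("ANY endpoint")
        if any(last - first + 1 >= wide for _, first, last in rules):
            reasons.append("wide port range")
        if reasons:
            flagged.append((src, dst, reasons))
    return flagged

if __name__ == "__main__":
    for src, dst, reasons in review_flags(SAMPLE):
        print(f"{src} -> {dst}: {', '.join(reasons)}")
```

The tuples returned by `parse_ports` can be fed into whatever rule format the firewall in use expects, with the Source and Destination labels replaced by the actual host addresses.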