Firewall Requirements - v2023.04

MonoFor has different kinds of integrations, and it needs some firewall access. In the table below these accesses are described.

Internet Access

Source

Destination

Service/Port

Information

MonoSign Server(s)

*.monosign.com

*.monofor.com

TCP/443

For MonoSign images, updates license check and configuration

MonoSign Server(s)

download.docker.com

TCP/443

Docker required package installation

MonoSign Server(s)

Operating System repositories

TCP/80

TCP/443

OS upgrades and some necessary packages

Internal Access

Source	Destination	Service/Port	Information
Monosign Server(s)	Database Servers	TCP/1433 UDP/1434 TCP/5432	^*Microsoft SQL or PostgreSQL Server
MonoSign Server(s)	DNS Servers	UDP/53	DNS Requests
MonoSign Server(s)	NTP Servers	UDP/123	Time synchronization
MonoSign Server(s)	Active Directory Servers	TCP/389 TCP/636	Integration for Active Directory Services
MonoSign Server(s)	Email/SMTP Servers	TCP/25 or TCP/587	Email notification
Any Radius Clients	MonoSign Server(s)	UDP/1812 UDP/1813	Radius integration.
ANY	Monosign Server(s)	TCP/443	Users SSO operations, and management access.

^*Microsoft SQL Server named instances are configured to use dynamic ports in a range between 49152–65535. If named instance decided to use for Monofor products it must be open dynamic ports between Monofor Servers to Database Servers.

Internet to DMZ Access

Source	Destination	Service/Port	Information
ANY	MonoSign DMZ Server(s)	TCP/443	Account portal Public Access

DMZ to Internal Access

Source	Destination	Service/Port	Information
MonoSign DMZ Server(s)	MonoSign Server(s)	TCP/443	MonoSign DMZ servers to MonoSign Production Servers communication.

Docker-Swarm for High Availability

Source

Destination

Service/Port

Information

MonoSign Server(s)

TCP/2377

Docker Swarm cluster management communication

MonoSign Server(s)

TCP/7946

UDP/7946

Docker Swarm cluster nodes communication

MonoSign Server(s)

TCP/4789

Docker Swarm cluster node overlay network traffic communication