Firewall Requirements - v2023.04

MonoFor has different kinds of integrations, and it needs some firewall access. In the table below these accesses are described.

Internet Access

Source	Destination	Service/Port	Information
MonoSign Server(s)	.monosign.com .monofor.com	TCP/443	For MonoSign images, updates license check and configuration
MonoSign Server(s)	download.docker.com	TCP/443	Docker required package installation
MonoSign Server(s)	Operating System repositories	TCP/80 TCP/443	OS upgrades and some necessary packages

Source

Destination

Service/Port

Information

MonoSign Server(s)

*.monosign.com

*.monofor.com

TCP/443

For MonoSign images, updates license check and configuration

MonoSign Server(s)

download.docker.com

TCP/443

Docker required package installation

MonoSign Server(s)

Operating System repositories

TCP/80

TCP/443

OS upgrades and some necessary packages

Internal Access

Source	Destination	Service/Port	Information
Monosign Server(s)	Database Servers	TCP/1433 UDP/1434 TCP/5432	^*Microsoft SQL or PostgreSQL Server
MonoSign Server(s)	DNS Servers	UDP/53	DNS Requests
MonoSign Server(s)	NTP Servers	UDP/123	Time synchronization
MonoSign Server(s)	Active Directory Servers	TCP/389 TCP/636	Integration for Active Directory Services
MonoSign Server(s)	Email/SMTP Servers	TCP/25 or TCP/587	Email notification
Any Radius Clients	MonoSign Server(s)	UDP/1812 UDP/1813	RADIUS integration. If you have strict timeout specification for ports, it should be minimum 60 seconds.
ANY	Monosign Server(s)	TCP/443	Users SSO operations, and management access.

^*Microsoft SQL Server named instances are configured to use dynamic ports in a range between 49152–65535. If named instance decided to use for Monofor products it must be open dynamic ports between Monofor Servers to Database Servers.

Internet to DMZ Access

Source	Destination	Service/Port	Information
ANY	MonoSign DMZ Server(s)	TCP/443	Account portal Public Access

DMZ to Internal Access

Source	Destination	Service/Port	Information
MonoSign DMZ Server(s)	MonoSign Server(s)	TCP/443	MonoSign DMZ servers to MonoSign Production Servers communication.

Docker-Swarm for High Availability

Source	Destination	Service/Port	Information
MonoSign Server(s)	MonoSign Server(s)	TCP/2377	Docker Swarm cluster management communication
MonoSign Server(s)	MonoSign Server(s)	TCP/7946 UDP/7946	Docker Swarm cluster nodes communication
MonoSign Server(s)	MonoSign Server(s)	TCP/4789	Docker Swarm cluster node overlay network traffic communication

Source

Destination

Service/Port

Information

MonoSign Server(s)

TCP/2377

Docker Swarm cluster management communication

MonoSign Server(s)

TCP/7946

UDP/7946

Docker Swarm cluster nodes communication

MonoSign Server(s)

TCP/4789

Docker Swarm cluster node overlay network traffic communication