Firewall Requirements - v2023.04
MonoFor products rely on several kinds of integrations, each of which needs firewall access. The tables below describe the required access.
Internet Access
Source | Destination | Service/Port | Information |
---|---|---|---|
MonoSign Server(s) | *.monosign.com *.monofor.com | TCP/443 | For MonoSign images, updates, license check and configuration |
MonoSign Server(s) | download.docker.com | TCP/443 | Docker required package installation |
MonoSign Server(s) | Operating System repositories | TCP/80 TCP/443 | OS upgrades and some necessary packages |
Internal Access
Source | Destination | Service/Port | Information |
---|---|---|---|
MonoSign Server(s) | Database Servers | TCP/1433 UDP/1434 TCP/5432 | *Microsoft SQL or PostgreSQL Server |
MonoSign Server(s) | DNS Servers | UDP/53 | DNS Requests |
MonoSign Server(s) | NTP Servers | UDP/123 | Time synchronization |
MonoSign Server(s) | Active Directory Servers | TCP/389 TCP/636 | Integration for Active Directory Services |
MonoSign Server(s) | Email/SMTP Servers | TCP/25 or TCP/587 | Email notification |
Any Radius Clients | MonoSign Server(s) | UDP/1812 UDP/1813 | RADIUS integration. If your firewall enforces a strict timeout on these ports, set it to at least 60 seconds. |
ANY | MonoSign Server(s) | TCP/443 | User SSO operations and management access. |
*Microsoft SQL Server named instances are configured to use dynamic ports in the range 49152–65535. If a named instance is used for Monofor products, these dynamic ports must be open from the Monofor Servers to the Database Servers.
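As an added example (not Monofor's own tooling), the Python script below parses the rows of the Internal Access table above and audits a candidate ruleset against them, reporting required flows that no rule allows and rules that are wider than the table needs. The rule tuple format and `SAMPLE_RULES` are constructed assumptions, and the product name is capitalised consistently as "MonoSign".

```python
import re

# Rows copied from the "Internal Access" table above: source | destination | service/port.
# The database row is checked as listed; trim it to the engine actually deployed.
REQUIRED_ROWS = """
MonoSign Server(s) | Database Servers | TCP/1433 UDP/1434 TCP/5432
MonoSign Server(s) | DNS Servers | UDP/53
MonoSign Server(s) | NTP Servers | UDP/123
MonoSign Server(s) | Active Directory Servers | TCP/389 TCP/636
MonoSign Server(s) | Email/SMTP Servers | TCP/25 or TCP/587
Any Radius Clients | MonoSign Server(s) | UDP/1812 UDP/1813
ANY | MonoSign Server(s) | TCP/443
"""

# Constructed sample ruleset (assumption): (source, destination, protocol, first_port, last_port)
SAMPLE_RULES = [
    ("MonoSign Server(s)", "Database Servers", "TCP", 1, 65535),
    ("MonoSign Server(s)", "DNS Servers", "UDP", 53, 53),
    ("MonoSign Server(s)", "NTP Servers", "UDP", 123, 123),
    ("MonoSign Server(s)", "Active Directory Servers", "TCP", 636, 636),
    ("MonoSign Server(s)", "Email/SMTP Servers", "TCP", 587, 587),
    ("Any Radius Clients", "MonoSign Server(s)", "UDP", 1812, 1813),
    ("ANY", "MonoSign Server(s)", "TCP", 443, 443),
]

def parse_rows(text):
    """Yield (src, dst, mode, flows); mode is 'any' when the row says 'or', else 'all'."""
    for line in text.strip().splitlines():
        src, dst, svc = (cell.strip() for cell in line.split("|"))
        flows = [(p.upper(), int(n)) for p, n in re.findall(r"(TCP|UDP)/(\d+)", svc, re.I)]
        yield src, dst, "any" if re.search(r"\bor\b", svc, re.I) else "all", flows

def allowed(rules, src, dst, proto, port):
    """True if a rule for this source, destination and protocol covers the port."""
    return any(r[:3] == (src, dst, proto) and r[3] <= port <= r[4] for r in rules)

def audit(rules, rows=REQUIRED_ROWS):
    """Return (missing, excess): required flows no rule allows, and rules wider than the table."""
    missing, needed = [], set()
    for src, dst, mode, flows in parse_rows(rows):
        needed.update((src, dst, p, n) for p, n in flows)
        absent = [(src, dst, p, n) for p, n in flows if not allowed(rules, src, dst, p, n)]
        if mode == "all":
            missing += absent
        elif len(absent) == len(flows):  # 'or' row: one allowed alternative is enough
            missing.append((src, dst, "one of", tuple(flows)))
    excess = [r for r in rules
              if any((r[0], r[1], r[2], port) not in needed for port in range(r[3], r[4] + 1))]
    return missing, excess
```

On the sample ruleset, `audit(SAMPLE_RULES)` reports UDP/1434 to the database servers and TCP/389 to Active Directory as missing, and flags the TCP 1 to 65535 database rule as wider than required.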
Internet to DMZ Access
Source | Destination | Service/Port | Information |
---|---|---|---|
ANY | MonoSign DMZ Server(s) | TCP/443 | Account portal Public Access |
DMZ to Internal Access
Source | Destination | Service/Port | Information |
---|---|---|---|
MonoSign DMZ Server(s) | MonoSign Server(s) | TCP/443 | MonoSign DMZ servers to MonoSign Production Servers communication. |
Docker-Swarm for High Availability
Source | Destination | Service/Port | Information |
---|---|---|---|
MonoSign Server(s) | MonoSign Server(s) | TCP/2377 | Docker Swarm cluster management communication |
MonoSign Server(s) | MonoSign Server(s) | TCP/7946 UDP/7946 | Docker Swarm cluster nodes communication |
MonoSign Server(s) | MonoSign Server(s) | TCP/4789 | Docker Swarm cluster node overlay network traffic communication |