3.3.2 Activating ports
The following ports are required for operating the AGW:
| Port | Source | Destination | Description |
|---|---|---|---|
| Basic functionalities | | | |
| TCP 443 (https) | HIN Access Gateway(s) | gateway.hin.ch, apps.hin.ch, auth.hin.ch, agw-manager.hin.ch | Connection to the HIN datacentre for application access. |
| TCP 443 (https) | Clients (end users) | HIN Access Gateway(s) | Access to the access gateway for authentication |
| TCP 389 (ldap) | HIN Access Gateway(s) | Active Directory | Verification of the AD login |
| TCP 636 (ldaps) | HIN Access Gateway(s) | Active Directory | Verification of the AD login |
| TCP 88 | HIN Access Gateway(s) | Active Directory | Verification of the Kerberos token |
| UDP/TCP 464 | HIN Access Gateway(s) | Active Directory | Kerberos for AGW AD Join |
| TCP 2222 (ssh) | HIN Access Gateway(s) | update2.agw.hin.ch | Connection to the HIN datacentre for the support connection |
| TCP 80 (http) | HIN Access Gateway(s) | update2.agw.hin.ch | Obtaining system updates |
| TCP 4433 | Admin clients | HIN Access Gateway(s) | HIN AGW Admin port |
| Cluster | | | |
| TCP 22 (ssh) | Between all cluster nodes | | Required for synchronising the cluster settings |
| VRRP (Virtual Router Redundancy Protocol) | Between all cluster nodes | | Required for switching the virtual IP address |
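One way to check a firewall ruleset against the table above is to list the required flows it fails to cover and the rules that go beyond the table. This is an added example, not HIN code; the zone labels (`agw`, `clients`, `admin`, `ad`, `cluster`), the four-field rule format and the sample ruleset are assumptions constructed for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto port")  # port is "-" for VRRP (no ports)

def parse_rules(text):
    """Parse 'src dst proto port' lines; '#' starts a comment."""
    lines = (l.split("#", 1)[0].split() for l in text.splitlines())
    return [Flow(*fields) for fields in lines if fields]

# Required flows transcribed from the port table. The zone labels
# (agw, clients, admin, ad, cluster) are assumptions of this example.
REQUIRED = parse_rules("""
agw gateway.hin.ch tcp 443
agw apps.hin.ch tcp 443
agw auth.hin.ch tcp 443
agw agw-manager.hin.ch tcp 443
clients agw tcp 443
agw ad tcp 389
agw ad tcp 636
agw ad tcp 88
agw ad tcp 464
agw ad udp 464
agw update2.agw.hin.ch tcp 2222
agw update2.agw.hin.ch tcp 80
admin agw tcp 4433
cluster cluster tcp 22
cluster cluster vrrp -
""")

def covers(rule, flow):
    """A rule covers a flow if every field matches or is the wildcard 'any'."""
    return all(r in ("any", f) for r, f in zip(rule, flow))

def audit(rules):
    """Return (required flows no rule covers, rules that are not in the table)."""
    missing = [f for f in REQUIRED if not any(covers(r, f) for r in rules)]
    excess = [r for r in rules if r not in REQUIRED]
    return sorted(missing), sorted(excess)

# Constructed sample: the table's flows without UDP 464, with two rules widened.
SAMPLE = [f for f in REQUIRED if f.port not in ("443", "4433") and f.proto != "udp"]
SAMPLE += parse_rules("agw any tcp 443\nclients agw tcp 443\nany agw tcp 4433")

if __name__ == "__main__":
    missing, excess = audit(SAMPLE)
    print("missing:", missing)
    print("not in table:", excess)
```

On the sample, the audit reports the missing UDP 464 flow to Active Directory and flags the two wildcard rules as wider than the table requires.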