eDirectory should be used along with firewalls. A firewall is essential for ensuring the effective protection of network-based services. The firewall can be built into the host operating system or obtained through third-party software. It is highly recommended to use a firewall on the host operating system to restrict access to the network resources available from the host system. Without it, operating systems may not be able to effectively limit access to network services.
The eDirectory tree Certificate Authority (CA) hosting system should have firewall rules assigned to it, and the following ports should be enabled on the platform supported by eDirectory:
Name | Port Range | Action | Description |
---|---|---|---|
SSH | TCP 22 | ALLOW | Allows SSH traffic from SSH Proxy. |
NCP | TCP 524 | ALLOW | Allows NCP traffic for eDirectory in backend subnet. |
LDAPS | TCP 636 | ALLOW | Allows secured LDAP traffic in backend subnet. |
SLP | Any 427 | ALLOW | Allows SLP traffic in the backend subnet. |
All Traffic | All | DENY | Denies all inbound traffic. |
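
The rules listed above, rendered as an nftables ruleset. This is an added example, not part of the eDirectory documentation. It assumes a Linux host with nftables and IPv4. The function name, its two parameters, the table name `edir_ca`, the source-address restrictions and the loopback and established-connection rules are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset for the table above.
# Nothing is applied; the function only prints the ruleset for review.
# To syntax-check the output on a host with nftables (needs root):
#   render_edir_ruleset 192.0.2.10 10.0.2.0/24 | nft -c -f -
# 192.0.2.10 and 10.0.2.0/24 are constructed placeholder addresses.

render_edir_ruleset() {
    ssh_proxy=$1   # address of the SSH Proxy (hypothetical parameter)
    backend=$2     # backend subnet in CIDR form (hypothetical parameter)

    # Refuse empty or malformed sources: an empty "ip saddr" is a syntax
    # error, and 0.0.0.0/0 would open the port to every host.
    for v in "$ssh_proxy" "$backend"; do
        case $v in
            ''|*[!0-9./]*|0.0.0.0/0)
                echo "bad source address: '$v'" >&2
                return 1 ;;
        esac
    done

    # "policy drop" is the All Traffic / DENY row. It is the chain default,
    # so it applies only to packets that no accept rule matched.
    cat <<EOF
table inet edir_ca {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept                          # assumption: local traffic
        ct state established,related accept      # assumption: replies to outbound
        ip saddr $ssh_proxy tcp dport 22 accept  # SSH from SSH Proxy
        ip saddr $backend tcp dport 524 accept   # NCP
        ip saddr $backend tcp dport 636 accept   # LDAPS
        ip saddr $backend tcp dport 427 accept   # SLP, "Any" = TCP
        ip saddr $backend udp dport 427 accept   # SLP, "Any" = UDP
    }
}
EOF
}
```

The two rules not in the table (loopback and established connections) keep local services and replies to the host's own outbound connections working once the default policy is drop.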