Network Configuration
The X-Road Security Servers mediate service calls and service responses between Information Systems.
They can be placed in a DMZ between the Information Systems they serve and the Internet.
A Security Server requires the following open ports for proper functioning:
Port | Purpose |
---|---|
Inbound ports from external network | Ports for inbound connections from the external network to the security server |
TCP 5500 | Message exchange between security servers |
TCP 5577 | Querying of OCSP responses between security servers |
Outbound ports to external network | Ports for outbound connections from the security server to the external network |
TCP 5500 | Message exchange between security servers |
TCP 5577 | Querying of OCSP responses between security servers |
TCP 4001 | Communication with the central server |
TCP 80 | Downloading global configuration from the central server |
TCP 80, 443 | Most common OCSP and time-stamping services |
Inbound ports from internal network | Ports for inbound connections from the internal network to the security server |
TCP 4000 | User interface and management REST API (local network). Must not be accessible from the internet! |
TCP 80, 443 | Information system access points (local network). Must not be accessible from the external network without strong authentication. If open to the external network, IP filtering is strongly recommended. |
Outbound ports to internal network | Ports for outbound connections from the security server to the internal network |
TCP 80, 443, other | Producer information system endpoints |
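
The inbound rows of the table above can be checked mechanically against a firewall's accept rules. The following is an added example, not part of the original page or of X-Road itself: the rule tuple format, the severity labels and the sample ruleset are assumptions made for illustration.

```python
import ipaddress

# Inbound TCP ports from the table above, per source zone.
REQUIRED_INBOUND = {"external": {5500, 5577}, "internal": {4000, 80, 443}}
ADMIN_PORT = 4000         # user interface and management REST API
ACCESS_PORTS = {80, 443}  # information system access points

def audit_inbound(rules):
    """Check accept rules against the port table.

    rules: iterable of (zone, tcp_port, source_cidr), zone is "external" or "internal".
    Returns a list of (severity, message); severities are this example's own labels.
    """
    findings = []
    seen = {zone: set() for zone in REQUIRED_INBOUND}
    for zone, port, source in rules:
        net = ipaddress.ip_network(source, strict=False)
        seen[zone].add(port)
        if zone != "external":
            continue
        if port == ADMIN_PORT:
            findings.append(("CRITICAL", f"TCP {port} (UI/management API) accepted from external {net}"))
        elif port in ACCESS_PORTS and net.prefixlen == 0:
            findings.append(("HIGH", f"TCP {port} access point open to any external source, no IP filtering"))
        elif port in ACCESS_PORTS:
            findings.append(("INFO", f"TCP {port} access point limited to {net}; confirm strong authentication"))
        elif port not in REQUIRED_INBOUND["external"]:
            findings.append(("MEDIUM", f"TCP {port} from external {net} is not in the port table"))
    # Ports the table requires but no rule accepts: the server will not function properly.
    for zone, ports in REQUIRED_INBOUND.items():
        for port in sorted(ports - seen[zone]):
            findings.append(("MISSING", f"TCP {port} not accepted from {zone} network"))
    return findings

# Constructed sample ruleset (documentation address ranges, not real hosts).
SAMPLE_RULES = [
    ("external", 5500, "0.0.0.0/0"),
    ("external", 4000, "0.0.0.0/0"),
    ("external", 443, "0.0.0.0/0"),
    ("external", 80, "198.51.100.0/24"),
    ("external", 8080, "0.0.0.0/0"),
    ("internal", 4000, "10.0.0.0/8"),
    ("internal", 443, "10.0.0.0/8"),
]

if __name__ == "__main__":
    for severity, message in audit_inbound(SAMPLE_RULES):
        print(f"{severity:8} {message}")
```
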
The following table lists the CIDR ranges / IP addresses of the central components of the Icelandic X-Road network that all Security Servers must whitelist.
Component | IS | IS-TEST | IS-DEV |
---|---|---|---|
Central Server | | | |
Mgmt. Security Server | | | |
Central Monitoring Server | | | |