Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Network Configuration

Network configuration

The X-Road Security Servers mediate service calls and service responses between Information Systems.

They can be placed in a DMZ between the Information Systems they serve and the Internet.

X-Road Network Architecture Diagram

X-Road Network Architecture

Port configuration

A Security Server requires the following open ports for proper functioning:

Port
Purpose

Inbound ports from external network

Ports for inbound connections from the external network to the security server

TCP 5500

Message exchange between security servers

TCP 5577

Querying of OCSP responses between security servers

Outbound ports to external network

Ports for outbound connections from the security server to the external network

TCP 5500

Message exchange between security servers

TCP 5577

Querying of OCSP responses between security servers

TCP 4001

Communication with the central server

TCP 80

Downloading global configuration from the central server

TCP 80,443

Most common OCSP and time-stamping services

Inbound ports from internal network

Ports for inbound connections from the internal network to the security server

TCP 4000

User interface and management REST API (local network). Must not be accessible from the internet!

TCP 80, 443

Information system access points (local network). Must not be accessible from the external network without strong authentication. If open to the external network, IP filtering is strongly recommended.

Outbound ports to internal network

Ports for inbound connections from the internal network to the security server

TCP 80, 443, other

Producer information system endpoints

Central Server IP Addresses

The following table contains the CIDR masks / IP addresses of the central components of the Icelandic X-Road network which need to be whitelisted by all Security Servers.

Component
IS
IS-TEST
IS-DEV

Central Server

176.57.224.0/25

176.57.224.128/25

176.57.227.96/27

Mgmt. Security Server

176.57.224.0/25

176.57.224.128/25

176.57.227.96/27

Central Monitoring Server

34.252.193.131

34.253.108.248

3.250.245.108

PreviousSetting up an X-Road Security ServerNextX-Road - Uppfærsla á öryggisþjónum

Last updated

Was this helpful?