Network Configuration
The X-Road Security Servers mediate service calls and service responses between Information Systems.
They can be placed in a DMZ between the Information Systems they serve and the Internet.
A Security Server requires the following open ports for proper functioning:

Inbound ports from external network
Ports for inbound connections from the external network to the security server
TCP 5500: Message exchange between security servers
TCP 5577: Querying of OCSP responses between security servers

Outbound ports to external network
Ports for outbound connections from the security server to the external network
TCP 5500: Message exchange between security servers
TCP 5577: Querying of OCSP responses between security servers
TCP 4001: Communication with the central server
TCP 80: Downloading global configuration from the central server
TCP 80, 443: Most common OCSP and time-stamping services

Inbound ports from internal network
Ports for inbound connections from the internal network to the security server
TCP 4000: User interface and management REST API (local network). Must not be accessible from the internet!
TCP 80, 443: Information system access points (local network). Must not be accessible from the external network without strong authentication. If open to the external network, IP filtering is strongly recommended.

Outbound ports to internal network
Ports for outbound connections from the security server to the internal network
TCP 80, 443, other: Producer information system endpoints

The following table contains the CIDR masks / IP addresses of the central components of the Icelandic X-Road network which need to be whitelisted by all Security Servers.
Central Server: 176.57.224.0/25, 176.57.224.128/25, 176.57.227.96/27
Mgmt. Security Server: 176.57.224.0/25, 176.57.224.128/25, 176.57.227.96/27
Central Monitoring Server: 34.252.193.131, 34.253.108.248, 3.250.245.108
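
To check that a firewall allowlist covers the central component addresses listed above without being wider than needed, the following added example (not part of the X-Road documentation) compares a list of allowed networks with the required ones. The function names and the sample allowlist are assumptions made for illustration, and only IPv4 is handled.

```python
import ipaddress

# Central components of the Icelandic X-Road network, as listed on this page.
CENTRAL = ["176.57.224.0/25", "176.57.224.128/25", "176.57.227.96/27"]
REQUIRED = {
    "Central Server": CENTRAL,
    "Mgmt. Security Server": CENTRAL,
    "Central Monitoring Server": ["34.252.193.131", "34.253.108.248", "3.250.245.108"],
}

def _collapse(entries):
    # Merge adjacent/overlapping networks, e.g. two /25s into one /24 (IPv4 only).
    nets = (ipaddress.ip_network(e, strict=False) for e in entries)
    return list(ipaddress.collapse_addresses(nets))

def missing_ranges(allowlist):
    """Map each component to the required networks the allowlist does not cover."""
    allowed = _collapse(allowlist)
    gaps = {}
    for component, nets in REQUIRED.items():
        for net in map(ipaddress.ip_network, nets):
            if not any(net.subnet_of(a) for a in allowed):
                gaps.setdefault(component, []).append(str(net))
    return gaps

def overbroad_entries(allowlist):
    """Allowlist entries that admit addresses outside every required range."""
    required = _collapse(n for nets in REQUIRED.values() for n in nets)
    return [e for e in allowlist
            if not any(ipaddress.ip_network(e, strict=False).subnet_of(r)
                       for r in required)]

if __name__ == "__main__":
    # Constructed sample: one range too wide, one monitoring address forgotten.
    sample = ["176.57.0.0/16", "34.252.193.131", "34.253.108.248"]
    print("missing:", missing_ranges(sample))
    print("overbroad:", overbroad_entries(sample))
```

Because entries are collapsed before comparison, an allowlist that stores the two /25 ranges as a single 176.57.224.0/24, or splits a range into smaller adjacent blocks, is still recognised as complete.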