Network Configuration


Last updated 1 year ago


Network configuration

The X-Road Security Servers mediate service calls and service responses between Information Systems.

They can be placed in a DMZ between the Information Systems they serve and the Internet.

X-Road Network Architecture Diagram

[Figure: X-Road Network Architecture]

Port configuration

A Security Server requires the following open ports for proper functioning:

Inbound ports from external network
Ports for inbound connections from the external network to the security server

| Port | Purpose |
| --- | --- |
| TCP 5500 | Message exchange between security servers |
| TCP 5577 | Querying of OCSP responses between security servers |

Outbound ports to external network
Ports for outbound connections from the security server to the external network

| Port | Purpose |
| --- | --- |
| TCP 5500 | Message exchange between security servers |
| TCP 5577 | Querying of OCSP responses between security servers |
| TCP 4001 | Communication with the central server |
| TCP 80 | Downloading global configuration from the central server |
| TCP 80, 443 | Most common OCSP and time-stamping services |

Inbound ports from internal network
Ports for inbound connections from the internal network to the security server

| Port | Purpose |
| --- | --- |
| TCP 4000 | User interface and management REST API (local network). Must not be accessible from the internet! |
| TCP 80, 443 | Information system access points (local network). Must not be accessible from the external network without strong authentication. If open to the external network, IP filtering is strongly recommended. |

Outbound ports to internal network
Ports for outbound connections from the security server to the internal network

| Port | Purpose |
| --- | --- |
| TCP 80, 443, other | Producer information system endpoints |

Central Server IP Addresses

The following table lists the CIDR ranges / IP addresses of the central components of the Icelandic X-Road network, which must be whitelisted by all Security Servers.

| Component | IS | IS-TEST | IS-DEV |
| --- | --- | --- | --- |
| Central Server | 176.57.224.0/25 | 176.57.224.128/25 | 176.57.227.96/27 |
| Mgmt. Security Server | 176.57.224.0/25 | 176.57.224.128/25 | 176.57.227.96/27 |
| Central Monitoring Server | 34.252.193.131 | 34.253.108.248 | 3.250.245.108 |
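
The following is an added example, not part of the Ísland.is documentation: a Python audit that checks a firewall rule list against the port table and the Central Server ranges above. The `(cidr, port)` rule format, the function names, the FAIL/REVIEW labels and the sample rules are assumptions made for illustration; the ports and CIDR ranges are the ones from this page.

```python
import ipaddress

# Values taken from the port and central-server tables on this page.
INTERNAL_ONLY = {4000: "FAIL", 80: "REVIEW", 443: "REVIEW"}  # labels are assumptions
CENTRAL_PORTS = (4001, 80)
CENTRAL_SERVER = {"IS": "176.57.224.0/25", "IS-TEST": "176.57.224.128/25",
                  "IS-DEV": "176.57.227.96/27"}


def _within(net, containers):
    """True if net lies entirely inside one of the container networks."""
    return any(net.version == c.version and net.subnet_of(c) for c in containers)


def audit(inbound, outbound, internal_nets, env):
    """Check (cidr, tcp_port) firewall rules against the page's requirements.

    inbound  -- allowed (source_cidr, port) pairs to the Security Server
    outbound -- allowed (dest_cidr, port) pairs from the Security Server
    Returns a list of finding strings; an empty list means no issue found.
    """
    internal = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    # Port 4000 must never be reachable from outside the local network;
    # 80/443 access points need strong authentication if exposed externally.
    for cidr, port in inbound:
        level = INTERNAL_ONLY.get(port)
        if level and not _within(ipaddress.ip_network(cidr), internal):
            findings.append(f"{level}: inbound TCP {port} allowed from non-internal {cidr}")
    # The central server range for the chosen environment must be reachable.
    central = ipaddress.ip_network(CENTRAL_SERVER[env])
    for port in CENTRAL_PORTS:
        dests = [ipaddress.ip_network(c) for c, p in outbound if p == port]
        if not _within(central, dests):
            findings.append(f"FAIL: no outbound TCP {port} rule covers central server {central}")
    return findings


# Constructed sample rule set (not from a real Security Server).
SAMPLE_INBOUND = [("0.0.0.0/0", 5500), ("0.0.0.0/0", 5577),
                  ("10.0.0.0/8", 4000), ("0.0.0.0/0", 4000),
                  ("203.0.113.7/32", 443)]
SAMPLE_OUTBOUND = [("0.0.0.0/0", 5500), ("0.0.0.0/0", 5577),
                   ("176.57.224.0/25", 4001), ("176.57.224.0/24", 80)]

if __name__ == "__main__":
    for line in audit(SAMPLE_INBOUND, SAMPLE_OUTBOUND, ["10.0.0.0/8"], "IS"):
        print(line)
```

A REVIEW finding on 80/443 is not necessarily a misconfiguration: it marks an access point exposed outside the internal network, which this page permits only with strong authentication and recommends pairing with IP filtering.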
