- Port 443 open in both directions between the Gateway -> Core and Client -> Gateway.
- A public IP address
- No added security devices such as Internet Caching Appliances, SSL redirectors, Packet Inspection, etc. (This doesn't include Firewalls)
- All resolvable names and IP addresses added to the "Additional Hostnames" section of the Gateway Management Web Page. (Additional Hostnames is located on the Gateway Service Tab)
- On new Gateway Appliances private IP address exceptions will need to be configured on the Gateway Firewall. By default all private IP address ranges are blocked. Either exceptions need to be configured (recommended for everyday use) or the private ranges removed (for testing)
- Name resolution. (Required for patches as the Gateway will need to resolve at least one of the following patch servers)
- Port 80 open in both directions between the Gateway and the Internet. This is for Activation and downloading updates to the Gateway Appliance. This also enables the client to reach the Gateway webpage for on-demand remote control.(Note: Activation will happen automatically if this port is open)
- Port 22 open only when needed. This port is used for SSH connections to the Management Gateway. SSH is a target for Brute Force attacks which can be thrwarted by the Firewall blocking this port.
- Port 25 outgoing only. This is for file reports sent via email. Not required.
Dynamic ports are used by applications and are determined by the OS as per the norm, the tunnel to the CSA from the client is still on 443 but it will pass on the intial applications dynamic port to the CSA as shown below: