We recommend that you configure a firewall and load balancer between external internet traffic and the Secure Proxy Server. We also recommend that you configure a firewall and load balancer between the Secure Proxy Server and the system's application tier.
The following table shows the ports to configure on your firewalls and load balancers. The load balancer receives inbound traffic from the originating component on the Port In port and sends outbound traffic on the Port Out port.
Open the appropriate ports on your load balancers.

| Component | Port In | Port Out | Traffic Flow | Description |
|---|---|---|---|---|
| Web Tier Load Balancer (LB1) | 443 | 443 | (ext)->LB1->SPS | External traffic distributed across all Secure Proxy Server (SPS) instances. |
| Web Tier Load Balancer | 8443 | 8443 | (ext)->LB1->L7 | External calls to the Layer 7 Gateway (L7) distributed across all Gateway instances. |
| Web Tier Load Balancer | 1812 | 1812 | (ext)->LB1->SPS | External calls to the Radius Proxy server (Radius) distributed across all SPS instances. |
| Application Tier Load Balancer (LB2) | 8443 | 8080 | a) SPS->LB2->IM b) SPS->LB2->IM.SMTP | a) Identity Management (IM) requests coming from SPS distributed across all IM instances. b) SMTP requests coming from SPS distributed across all IM instances. |
| Application Tier Load Balancer | 8080 | 8080 | a) IMPS->LB2->IM b) SMPS->LB2->IM | a) IM requests coming from IdentityMinder Provisioning Server (IMPS) distributed across all IM instances. b) IM requests coming from SiteMinder Proxy Server (SMPS) distributed across all IM instances. |
| Application Tier Load Balancer | 22002 | 22001 | SPS->LB2->IAMCS | CA IAM Connector Server (IAMCS) requests coming from SPS distributed across all IM instances. |
| Application Tier Load Balancer | 443 | 20080 | SPS->LB2->IAMCS | IAMCS management requests coming from SPS distributed across all IM instances. |
| Application Tier Load Balancer | 44441 | 44441 | a) SPS->LB2->SMPS b) IM->LB2->SMPS | a) SMPS requests coming from SPS distributed across all SMPS instances. b) SMPS requests coming from IM distributed across all SMPS instances. |
| Application Tier Load Balancer | 9443 | 9090 | a) SPS->LB2->SMPS b) SPS->LB2->SMPS | a) SMPS (authentication tenant web services) requests coming from SPS distributed across all SMPS instances. b) SMPS (authentication data service) requests coming from SPS distributed across all SMPS instances. |
| Application Tier Load Balancer | 9090 | 9090 | IM->LB2->SMPS | SMPS (authentication unified directory service) requests coming from the CSP console distributed across all SMPS instances. |
| Application Tier Load Balancer | 9743 | 9742 | SPS->LB2->SMPS | SMPS (AuthMinder) requests coming from SPS distributed across all SMPS instances. |
| Application Tier Load Balancer | 9742 | 9742 | IM->LB2->SMPS | SMPS (AuthMinder) requests coming from IM distributed across all SMPS instances. |
| Application Tier Load Balancer | 9745 | 9745 | IM->LB2->SMPS | SMPS (AuthMinder management service) requests coming from IM distributed across all SMPS instances. |
| Application Tier Load Balancer | 7680 | 7680 | IM->LB2->SMPS | SMPS (RiskMinder) requests coming from IM distributed across all SMPS instances. |
| Application Tier Load Balancer | 1812 | 1814 | SPS->LB2->Auth.Radius | Radius requests coming from the Radius Proxy running inside SPS. Port 1814 is used to respond back to the Radius Proxy. |
| Application Tier Load Balancer | 20498 | 20498 | L7->LB2->DXrouter | User Directory requests coming from the Layer 7 Gateway distributed across the application tier DXrouter instances. |

IM = CA Identity Management
SPS = Secure Proxy Server
IMPS = IdentityMinder Provisioning Server
SMPS = SiteMinder Policy Server
IAMCS = CA IAM Connector Server
L7 = Layer 7 Gateway Server
Radius = Radius Proxy Server
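
The port table above can double as an allowlist when reviewing a load balancer's configuration. The following Python sketch is an added example, not part of the product documentation: it compares a list of configured listeners against the table and reports required ports that are missing, ports that are open but not listed, and listeners that forward to the wrong Port Out. The `audit` function, the `(port_in, port_out)` input format, and the sample listener list are assumptions made for illustration.

```python
# Port In -> Port Out per load balancer, transcribed from the table above.
EXPECTED = {
    "LB1": {443: 443, 8443: 8443, 1812: 1812},
    "LB2": {8443: 8080, 8080: 8080, 22002: 22001, 443: 20080,
            44441: 44441, 9443: 9090, 9090: 9090, 9743: 9742,
            9742: 9742, 9745: 9745, 7680: 7680, 1812: 1814,
            20498: 20498},
}


def audit(lb, listeners):
    """Compare configured (port_in, port_out) listeners with the table.

    Returns a dict of three sorted lists:
      missing    - Port In values the table requires but the LB lacks
      unexpected - Port In values open on the LB that the table omits
      wrong_out  - (port_in, configured_out, expected_out) mismatches
    """
    expected = EXPECTED[lb]
    seen = {}
    for port_in, port_out in listeners:
        # A Port In may appear more than once in an exported config;
        # keep every Port Out so conflicting entries are all reported.
        seen.setdefault(port_in, set()).add(port_out)
    return {
        "missing": sorted(set(expected) - set(seen)),
        "unexpected": sorted(set(seen) - set(expected)),
        "wrong_out": sorted(
            (p, out, expected[p])
            for p, outs in seen.items() if p in expected
            for out in outs if out != expected[p]
        ),
    }


# Constructed sample: an LB2 listener list with three deliberate faults
# (8443 forwards to 8443, 20498 is absent, 8009 is not in the table).
SAMPLE_LB2 = [
    (8443, 8443), (8080, 8080), (22002, 22001), (443, 20080),
    (44441, 44441), (9443, 9090), (9090, 9090), (9743, 9742),
    (9742, 9742), (9745, 9745), (7680, 7680), (1812, 1814),
    (8009, 8009),
]

if __name__ == "__main__":
    for finding, ports in audit("LB2", SAMPLE_LB2).items():
        print(f"{finding}: {ports}")
```
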
Copyright © 2013 CA.
All rights reserved.