Table of Contents
Advertisement
Configure Router ACL Settings
Service
Functional
Need
SBX
Data Sent
to Cloud
DNS
URL
address
lookup
DNS
URL
address
lookup
PING
2094532-001 D 02 2018
This section is only applicable if a firewall or a router exists in front of
the MFA in the facility network.
Note
Give this information to the facility IT team or the network design
team for this configuration.
The Network must be configured to allow the below mentioned
protocols and ports in the specified directions, irrespective of the
variant of router or firewall present on the network.
.
Communication Partner
Source
Source
network
device/IP
address
Facility
Any
Network
Facility
Any
Network
Facility
Any
Network
Facility
Any
Network
The below example illustrates the entries required for Cisco 2901
Router. In case any other router is used then these entries might
change however the above principle remains the same.
•
INBOUND (ip access-list extended ENinbound)
•
permit tcp any any eq 443
•
permit udp any any reflect enin timeout 300
•
permit tcp any any eq domain
•
permit icmp any any
•
OUTBOUND ( ip access-list extended ENoutbound)
•
evaluate enin
•
permit tcp any any eq 443
•
permit tcp any any eq domain
•
permit udp any any eq domain
•
permit icmp any any
Desitination
Destination
Network
device/IP
address
Internet
Any
Internet
Any
Internet
Any
Internet
Any
Protocols
Port
Direction
(relative to
the device
TCP, UDP,
etc.
TCP
443
Bidirectional
TCP
53
Bidirectional
UDP
53
Bidirectional
ICMP
ICMP
Bidirectional
37
Advertisement
Table of Contents
