...
7742 and [13000 to 13010] is required by the Terminal VPN.
Allows Used for VPN-protected BATM communications with CAS, so allow ALLOW when using the Terminal VPN.
...
Initially used until the Administration VPN is configured, then disabled.
See below: unprotected ADMIN access
Block public port 7777 after enabling the Administration VPN.
[12000 through 12050] ALLOW are also required for CAS Administration access via VPN.
See below: ADMIN access: secure
7743 is OPTIONAL - may be used by various extensions (Onfido, etc).
when in doubt, tighten security by keeping this port blocked. You can always turn it back on again later if necessary, but you can’t undo a security breach. Block it to be safe.
443 is OPTIONAL - may be used by nginx (or other web servers) the CAS REST API
80 and 443 may be opened for NGINX when implementing a proxy server.
when forwarding port 7777 - is not recommended (block it), and is a security risk on a public server.
Block after enabling the Administration VPN: https://generalbytes.atlassian.net/l/cp/W0qvjkaT
Allow only if you use Veriffthe CAS REST API.
Info |
---|
More: Terminal Security - protect your CAS from Terminal attacks CAS Admin - secure your Administration page via VPN Digital Ocean: How To Set Up a Firewall with UFW on Ubuntu 20.04 |
...