Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

7742 and [13000 to 13010] is required by the Terminal VPN.

  • Allows Used for VPN-protected BATM communications with CAS, so allow ALLOW when using the Terminal VPN.

...

  • Initially used until the Administration VPN is configured, then disabled.

  • See below: unprotected ADMIN access

  • Block public port 7777 after enabling the Administration VPN.

[12000 through 12050] ALLOW are also required for CAS Administration access via VPN.

7743 is OPTIONAL - may be used by various extensions (Onfido, etc).

  • when in doubt, tighten security by keeping this port blocked. You can always turn it back on again later if necessary, but you can’t undo a security breach. Block it to be safe.

443 is OPTIONAL - may be used by nginx (or other web servers) the CAS REST API

80 and 443 may be opened for NGINX when implementing a proxy server.

Info

More:

Terminal Security - protect your CAS from Terminal attacks

CAS Admin - secure your Administration page via VPN

Digital Ocean: How To Set Up a Firewall with UFW on Ubuntu 20.04

...