This is an old revision of the document!
Firewall Settings
APEX communicates using SSL. The following table contains a list of hosts that must be reachable in order for APEX to be installed or be used after the installation:
| Host | IP Address | Description |
|---|---|---|
| dev-ws02.certna.org | 204.246.133.236 | APEX installation host. |
| apex-prd.certna.org | 204.246.133.237 | APEX production ERDS application servers. |
| apex-prd.certnag2g.org | 209.170.199.196 | APEX production G2G application servers. |
| reports.certna.org | 204.246.133.238 | APEX production ERDS report servers. |
| reports.certnag2g.org | 209.170.199.202 | APEX production G2G report servers. |
| *.digicert.com | * | DigiCert PKI certificate services. |
| *.entrust.com | * | Entrust PKI certificate services. |
| *.entrust.net | * | Entrust Code Signing certificate services. |
CeRTNA recognizes that different firewalls are in service at our customers and that firewall features functions can vary broadly. CeRTNA prefers to minimize the amount of IT administrative support required by creating rules based on the following tolerance and/or capabilities of your firewall:
- Use wildcard domains if possible. (Ex: *.certna.org or *.certnag2g.org)
- Use host names if possible. (Ex: apex-prd.certna.org or reports.certna.org)
- Last resort, use IP addresses. (This is the least preferred.)
The preceding list is sorted in order of preference.
In addition to the locations listed above, there are some additional hosts that you also want to allow in order to facilitate the retrieval of Windows Updates and for CeRTNA remote support.
| Host | IP Address | Description |
|---|---|---|
| *.microsoft.com | * | Top-level Microsoft domain, to avoid issues with Windows functionality. |
| *.update.microsoft.com | * | General Windows update domain. |
| *.gotomeeting.com | * | Top-level domain for GoToMeeting web meeting. |
| *.citrixonline.com | * | GoToMeeting is implemented using Citrix servers. |
Configuring the firewall rules for Windows Updates and other fundamental OS support, for example, virus definition files for Symantec Endpoint Protection or other 3rd party anti-virus/anti-malware protection is the responsibility of your organizations IT staff. The information provided in the preceding table is here simply point out that there are additional URL's that may need to be accomodated beyond those that are required for APEX and/or CeRTNA functionality.