Solved

best practice for the publisher implementation behind the FW

  • 19 February 2024
  • 2 replies
  • 86 views

Where is the recommanded location (DMZ or Server zone) to implement the publisher in the firewall protected environment? All the port need to be opened to the back-end servers on the firewall?

is the traffice flow is correct?

End-users → tunnel  →  publisher -->(open all required ports on the FW ) → App servers

icon

Best answer by rpastorino 20 February 2024, 17:40

View original

2 replies

Hi, it’s more End user → gw/stitcher ← publisher → |eventual firewall| → application
(publisher traffic to Netskope cloud is only outbound)
So its correct to open traffic from publisher to internal zone only to the ip and ports needed to access published application. We did a specific zone in our fw dedicated to the publishers.

 

Hi, it’s more End user → gw/stitcher ← publisher → |eventual firewall| → application
(publisher traffic to Netskope cloud is only outbound)
So its correct to open traffic from publisher to internal zone only to the ip and ports needed to access published application. We did a specific zone in our fw dedicated to the publishers.

 

Thank for the explaination. May I know the ports that were required from end users and publisher to the Netskope cloud? 443 only?

Reply