Network Requirements


To establish a secure connection between the MyPass Cloud platform and your credential repositories, the Gateway is used to proxy traffic. All traffic to the Gateway will always originate from the MyPass Cloud platform.

The Gateway can be deployed within the local network or a DMZ, if you prefer. If the Gateway is deployed in a DMZ, only HTTPS (443) traffic needs to be allowed from the internet to the Gateway, while the ports required from the DMZ to the local network will depend on the credential repositories that are being accessed. More information on this can be found in the integration guide for each target credential repository.

Publishing the Gateway

To securely publish the Gateway to the MyPass Cloud platform, a few steps are required. These include:

The Gateway server must be provided with a PUBLIC IP ADDRESS that is presented via NAT (Network Address Translation) to the public internet. For Gateway traffic, this can be achieved through application delivery controllers or firewalls. 

Firewall rules need to be configured on your edge appliance to allow the MyPass Cloud platform IP address pool to access your Gateway server over port 443 (incoming, TCP only).

MyPass POD1 Customers:

  • 102.37.104.14
  • 102.37.122.52
  • 102.37.124.197

MyPass POD 2 Customers:

  • 102.133.232.144
  • 40.120.25.31
  • 40.120.25.105
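
Because all Gateway traffic should originate from the MyPass Cloud platform, any other source address in the Gateway's IIS log means the edge rule is wider than intended. The following added example (not MyPass code) audits W3C-format IIS log lines against the pools listed above. It assumes the `c-ip` field is logged and carries the real client address, which will not hold if an application delivery controller in front of the Gateway rewrites the source address; the sample log and its URL paths are constructed.

```python
import ipaddress

# Allow list copied from the pools above (POD1 and POD 2).
MYPASS_POOL = {
    ipaddress.ip_address(a) for a in (
        "102.37.104.14", "102.37.122.52", "102.37.124.197",   # POD1
        "102.133.232.144", "40.120.25.31", "40.120.25.105",   # POD 2
    )
}

def unexpected_sources(log_lines, allowed=MYPASS_POOL):
    """Return {source_ip: hit_count} for requests from outside the allow list.

    Parses IIS W3C extended logs: the '#Fields:' directive names the columns
    and may reappear mid-file if the logging configuration changes.
    """
    fields, hits = [], {}
    for raw in log_lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or "c-ip" not in fields:
            continue
        cols = line.split()
        if len(cols) != len(fields):
            continue  # truncated or malformed entry
        src = cols[fields.index("c-ip")]
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            addr = None  # unparseable source is reported, never trusted
        if addr not in allowed:
            hits[src] = hits.get(src, 0) + 1
    return hits

# Constructed sample log (not from a real Gateway); 203.0.113.50 is a
# documentation address standing in for an unexpected internet client.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status
2024-01-15 08:00:01 10.0.0.5 POST /gateway/api 443 102.37.104.14 200
2024-01-15 08:00:07 10.0.0.5 GET / 443 203.0.113.50 404
2024-01-15 08:00:09 10.0.0.5 GET /gateway/api 443 203.0.113.50 401
2024-01-15 08:01:12 10.0.0.5 POST /gateway/api 443 40.120.25.105 200
""".splitlines()

if __name__ == "__main__":
    for ip, count in unexpected_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} request(s) from outside the MyPass pool")
```

An empty result over a representative log period is consistent with the edge rule admitting only the MyPass pool.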

To securely encrypt traffic between the MyPass Cloud platform and the Gateway, you need to take a few actions:

  1. An existing (customer-owned) or new web server SSL certificate (e.g. for gateway1.yourcompanyname.xyz) must be installed on the Gateway server to allow incoming SSL connections to Microsoft IIS.
  2. The certificate must be added to the server and installed on the Default Site within IIS, ready for the deployment of the Gateway web services.
  3. A public DNS A-record (associated with the domain name of the loaded certificate) should be created to resolve the hostname (on the certificate) to the public NAT IP address of the Gateway server (e.g. gateway1.yourcompanyname.xyz -> 41.32.4.123)
  4. Finally, the protocols and ciphers used with the published certificate can be updated on the Gateway server so that only modern and strong encryption is allowed.

Once all the above-mentioned requirements have been successfully implemented, communications between the MyPass Cloud platform and the Gateway server can be validated.

To do this, please email your deployment partner, MyPass Project Manager or simply create a request by emailing [email protected].