Network, Firewall and Security

Author: [email protected]

In order to establish a secure connection between the MyPass Password Manager and customer repositories, the MyPass Gateway is used to proxy traffic. All traffic to the MyPass Gateway will always originate from the MyPass Password Manager and is only incoming (the MyPass Gateway will never initiate traffic to the public internet). The MyPass Gateway can be deployed within the LAN or DMZ of a customer site and requires secure access from the MyPass Password Manager platform.

Securing the Communications

To secure the channel between the customer and the MyPass Password Manager infrastructure, several measures are put in place:

  • Mutual firewall policies to restrict the flow of traffic (HTTPS from MyPass Password Manager to the MyPass Gateway server only)
  • Mutual application policies are configured during the installation of the MyPass Gateway to restrict traffic to the MyPass Password Manager infrastructure
  • An SSL certificate is deployed to the MyPass Gateway server to use in conjunction with IIS, to secure communications (certificate to be provided by the customer)

Implementing the Requirements

For this to be achieved, the following requirements must be met to securely publish the MyPass Gateway to the MyPass Password Manager:

  1. The MyPass Gateway server needs to be provided with a PUBLIC IP ADDRESS that is presented via NAT (Network Address Translation) to the public internet.
  2. Firewall rules need to be configured on the customer infrastructure to allow the public MyPass Password Manager IP addresses to access the MyPass Gateway server over TLS (incoming via port 443 – TCP only):
       2.1 For MyPass Customers (102.37.104.14, 102.37.122.52, 102.37.124.197)
       2.2 For PassReset Customers (102.133.232.144, 40.120.25.31, 40.120.25.105)
  3. An existing (customer owned) or new web server SSL certificate must be procured and installed on the MyPass Gateway server to allow incoming SSL connections to Microsoft IIS (e.g. gateway.customer.co.za).
  4. A public DNS A-record should be created to resolve the host SSL certificate name to the public NAT IP address of the MyPass Gateway server (e.g. gateway.customer.co.za -> 41.32.4.123)
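A check for requirement 2, as an added example that is not part of the original article or the MyPass product: it audits a list of inbound firewall rules and reports any allow rule toward the gateway that is not TCP/443 from the published source addresses, plus any published address with no rule. The rule dictionary format, the rule names and the `make_rule` helper are hypothetical, and the sample rules are constructed.

```python
import ipaddress

# Source addresses published on this page, per product.
PUBLISHED_SOURCES = {
    "MyPass": ["102.37.104.14", "102.37.122.52", "102.37.124.197"],
    "PassReset": ["102.133.232.144", "40.120.25.31", "40.120.25.105"],
}

def audit_inbound_rules(rules, product, gateway_ip):
    """Check allow rules for the gateway against the stated requirement:
    TCP/443 only, and only from the published source addresses."""
    allowed = {ipaddress.ip_address(a) for a in PUBLISHED_SOURCES[product]}
    gateway = ipaddress.ip_address(gateway_ip)
    covered, findings = set(), []
    for r in rules:
        if r["action"] != "allow" or ipaddress.ip_address(r["dest"]) != gateway:
            continue
        if (r["proto"].lower(), r["port"]) != ("tcp", 443):
            findings.append(f"{r['name']}: unexpected service {r['proto']}/{r['port']}")
            continue
        src = ipaddress.ip_network(r["source"], strict=False)
        # A source range passes only if every address in it is published.
        if src.num_addresses > len(allowed) or any(a not in allowed for a in src):
            findings.append(f"{r['name']}: source {src} is broader than published")
        covered |= {a for a in allowed if a in src}
    findings += [f"no allow rule for published source {a}"
                 for a in sorted(allowed - covered)]
    return findings

# Hypothetical rule format; 41.32.4.123 is the page's example NAT address.
def make_rule(name, source, port):
    return {"name": name, "source": source, "dest": "41.32.4.123",
            "proto": "tcp", "port": port, "action": "allow"}

# Constructed sample rule set for a MyPass customer.
SAMPLE_RULES = [
    make_rule("gw-https-1", "102.37.104.14/32", 443),
    make_rule("gw-https-wide", "102.37.124.0/24", 443),
    make_rule("gw-rdp", "102.37.104.14/32", 3389),
]

if __name__ == "__main__":
    for finding in audit_inbound_rules(SAMPLE_RULES, "MyPass", "41.32.4.123"):
        print(finding)
```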

Validating the Network Requirements

Once all the above-mentioned requirements have been successfully implemented, communications between the MyPass Password Manager and the MyPass Gateway server can be validated. In order for us to assist you with this, please email your Project Manager or create a support request by emailing [email protected].