Possible firewall changes needed for Information Centric Encryption (ICE) 102 On-Premise Key Store

book

Article ID: 171096

calendar_today

Updated On:

Products

Information Centric Encryption

Issue/Introduction

Changes that may be required on your firewall when implementing On-Premise Key Store in Information Centric Encryption (ICE) 102.

Environment

ICE 102 - On-Premise Key Store

Resolution

Details of this are in the online Help for ICE 102:
http://help.symantec.com/home/ICE1.0?locale=EN_US

  • ICE On-Premises Key Store is using Blue Coat NTP (TCP/UDP 123) to sync clock (UTC)
  • HTTPS OUT (TCP 443) must be allowed
  • HTTP OUT (TCP 80) may be required
  • HTTPS IN (TCP 443) should be allowed for administration (may restrict source)
  • SSH IN (TCP 22) is needed if CLI will be accessed remotely
  • DNS (TCP/UDP 53)