Interface schematic

  • 2 minute read
Prev Next

Full details of the requirements for setting up an Appgate SDP Collective are covered in the topic System Connections. Some step-by-step connectivity trouble shooting guides are also available in Troubleshooting user/device access.

Diagram illustrating network traffic flow between AWS and Azure components with various controllers and gateways.

* The LogServer can be interchanged with the LogForwarder.

Most of the communications within the Collective uses TCP port 443. (UDP Port 443 and 53 are required when SPA is used in UDP-TCP mode.)

Port 443 is used:

  • for Clients (including the Connector/Portal)  to make connections TO Controllers/Gateways.

  • by  appliances to make connections TO Controllers. This communication is only very limited and network capacity should not be a cause for concern even in larger-scale environments. This connection is used:

  1. for healthchecks -  the Controller requests each Appliance to provide the latest statistics so it can be displayed to the user or feed external monitoring via SNMP or Prometheus.

  2. .when tokens are revoked by an admin - the Controller will push a Token revocation list to each Gateway, so that it can immediately force the Clients to re-establish their connection, ensuring that the Gateway is enforcing the latest Policies.

  3. to send configuration updates when an appliance's configuration is changed by the Admin.

  4. by each appliance when it queries the Controller for its current configuration at start up, and also does so periodically (no more frequently than once every 15 minutes) to make sure it’s up to date. This is designed to cover the scenario where an appliance is offline at the moment a configuration change is made in the admin UI.

  • by appliances to send audit logs TO the LogServer/LogForwarder

  1. Appliances will be sending audit log records to the LogServer/LogForwarder. These are typically quite small but the frequency/volume depends on the size of the system. Budget for 1 log record/user/second within the entire Collective. Log records are about 1.5KB each. So with 1000 users on a Gateway this might result in 1.5MB/s. With a 1Gbe NIC this would represent just over 1%.

  • by appliances to send metrics TO the Metrics Aggregator

  • Appliances will be sending metrics to the Metrics Aggregator. These are typically quite small but the volume depends on the size of the system.

Related articles