2.4. Communication

2.4.1. Secure Internal Communication

The communication between suSSHi Gateways and suSSHi Chef is called “Secure Internal Communication” (SIC). This comprises a total of three TCP protocols.

If a network firewall is installed between the gateways and suSSHi Chef, these protocols must be enabled according to the following table:

| Source | Destination | Protocol | Port | Description | Purpose |
|---|---|---|---|---|---|
| suSSHi Gateway(s) | suSSHi Chef | TCP | 8443 | HTTPS with mutual authentication | Configuration synchronization; Session Authentication and Authorization; Session Reports |
| suSSHi Gateway(s) | suSSHi Chef | TCP | 6514 | RELP over TLS | System and Session Logging to suSSHi Chef |
| suSSHi Chef | suSSHi Gateway(s) | TCP | 22 * | SSH | Status Gathering; Host Key Scanning; Configuration Reload triggers; Session dropping |

\* Standard SSH port; it may differ if you plan to run your suSSHi Gateway on a non-standard port.
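As an added example (not part of the suSSHi documentation), the script below renders the three SIC flows from the table above as a minimal nftables forward chain for a firewall placed between the gateways and suSSHi Chef. The addresses are constructed placeholders, and the gateway SSH port is a parameter so the "22 *" case of a non-standard port is covered.

```shell
#!/bin/sh
# Added example, not suSSHi's own code: nftables rules for Secure Internal
# Communication (SIC) between suSSHi Gateways and suSSHi Chef.
# Addresses below are constructed placeholders (RFC 5737 documentation range).

CHEF_IP="${CHEF_IP:-192.0.2.10}"                      # assumed suSSHi Chef address
GATEWAY_IPS="${GATEWAY_IPS:-192.0.2.21,192.0.2.22}"   # assumed gateway addresses
GATEWAY_SSH_PORT="${GATEWAY_SSH_PORT:-22}"            # "22 *": change for a non-standard port

# sic_rules prints a forward chain that permits exactly the three SIC protocols
# (new connections only; replies are covered by the established,related rule).
sic_rules() {
  chef="$1"; gws="$2"; sshport="$3"
  cat <<EOF
table inet sic {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    # Gateways -> Chef: HTTPS with mutual authentication (config sync, authz, reports)
    ip saddr { $gws } ip daddr $chef tcp dport 8443 ct state new accept
    # Gateways -> Chef: RELP over TLS (system and session logging)
    ip saddr { $gws } ip daddr $chef tcp dport 6514 ct state new accept
    # Chef -> Gateways: SSH (status, host key scanning, reload triggers, session dropping)
    ip saddr $chef ip daddr { $gws } tcp dport $sshport ct state new accept
  }
}
EOF
}

# sic_port_count returns how many accept rules target a given TCP port, so a
# reviewer can confirm each SIC flow is present exactly once and nothing extra is.
sic_port_count() {
  sic_rules "$1" "$2" "$3" | grep -c "tcp dport $4 ct state new accept" || true
}

sic_rules "$CHEF_IP" "$GATEWAY_IPS" "$GATEWAY_SSH_PORT"
```

Load the output with `nft -f` on a host dedicated to this path; on a shared firewall, merge only the three accept rules into the existing forward chain rather than adopting the drop policy.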

2.4.2. System Events

suSSHi Chef receives logging feeds for system and session messages from all suSSHi Gateways. These messages can be forwarded using the Syslog (RFC 5424) protocol.

suSSHi Chef supports forwarding over UDP, TCP and RELP (over TCP) to up to two external Syslog servers. If two Syslog servers are configured, both receive the Syslog messages in parallel. The port for UDP, TCP and RELP can be configured as well.

For the available configuration options, please refer to System > Preferences.