Table of Contents
In this section you will find a summary about the recommended network and firewall settings for IAM.
IAM uses multiple connections for different purposes.
The proxy ports is where IAM receives its incoming traffic. There are two ports with the following defaults;
8000 for proxying. This is where IAM listens for HTTP traffic. Be sure to change it to
80 once you go to production. See proxy_listen.
8443 for proxying HTTPS traffic. Be sure to change it to
443 once you go to production. See proxy_listen and the
These are the only ports that should be made available to your clients.
This is the port where IAM exposes its management api. Hence in production this port should be firewalled to protect
it from unauthorized access.
8001 provides IAM's Admin API that you can use to operate IAM. See admin_listen.
8444 provides the same IAM Admin API but using HTTPS. See admin_listen and the
Below are the recommended firewall settings:
- The upstream Services behind IAM will be available via the proxy_listen interface/port values.
Configure these values according to the access level you wish to grant to the upstream Services.
- If you are binding the Admin API to a public-facing interface (via admin_listen), then protect it to only allow trusted clients to access the Admin API.
See also Securing the Admin API.
- Your proxy will need have rules added for any TCP Stream listeners that you configure. For example, if you want IAM to manage traffic on port
firewall will need to be allow traffic on said port.