Cryptzone Support

 
If you wish to submit a support ticket please sign in to your customer portal or use the “submit a ticket” button at the top menu.
If you need to find documentation about our Sheriff Suite please login to the Hive- Click Here

 

Article

How-To OSX AppGate (classic) client integration with a 3rd party device firewall

« Go Back

Information

 
Article Number000001066
Article

Note: This article pertains to the AppGate IP Tunneling Driver (IPTD) running on Apple OS X Mavericks 10.9.2+ with a 3rd party device firewall.

Several AppGate daemons communicate with the AppGate client software using the internal loopback interface on the OS X client. (The default address is 127.0.0.1)

When using a 3rd party device firewall that controls traffic on the internal loopback interface it is necessary to open specific TCP ports to allow the AppGate client to communicate with the daemons running on the local system.

Note: If the features provided by a specific daemon are not in used we still recommend allowing the traffic in the 3rd party device firewall. If traffic is NOT allowed the AppGate client will wait a predetermined timeout period when trying to communicate with each daemon before completing the login process. This will result in an extremely slow login process for your users.

 

Daemons:

ag_atend (tcp/48624-65535) - This process is used to run custom scripts when each session is completed.

ag_iptd (tcp/7270, tcp/48524-65535) - This process is used for tunneling UDP and dynamic port traffic.

ag_pfw (tcp/7271) - This process is the AppGate device firewall which should NOT be used if a 3rd party device firewall is in use.

ag_mud (tcp/7893) - This process is used when the AppGate client is installed on a multi-user system such as Citrix so the AppGate system can differentiate between individual users.

 

Rules:

Configure the 3rd party device firewall ACLs to allow the following traffic flows. 

Permit loopback:tcp/7270 <-----> loopback:tcp/any

Permit loopback:tcp/any <-----> loopback:tcp/7270

Permit loopback:tcp/48524-65525 <-----> loopback:tcp/48524-65525

Permit loopback:tcp/7271 <-----> loopback:tcp/any

Permit loopback:tcp/any <-----> loopback:tcp/7271

Permit loopback:tcp/7893 <-----> loopback:tcp/any

Permit loopback:tcp/any <-----> loopback:tcp/7271

 

 

 

 

 

 

Related File 
Additional Files 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255