...
Inbound:
http (80/tcp) - for Let’s Encrypt certificates
https (443/tcp) - for main application web interface
Outbound:
smtp (25/tcp) - for sending out e-mails, can be limited to smtp relay server’s address
http (80/tcp), https (443/tcp) - for downloading updates and license
ldap (389/tcp, 636/tcp) - for integration with Active Directory, can be limited to AD’s address
diagnostics (2222/tcp) - for allowing remote diagnostics, can be limited to recon.sonpo.io address
When installing and running behind an SSL inspection proxy (optional)
Copy the inspection’s certificate authority, for example CA.crt, into /etc/pki/ca-trust/source/anchors and run:
...