Whitelisting Breezy Communication in a Rule-Based Firewall Environment
In Cloud and Hybrid deployments, on-premise components such as Connectors and Rendering Engines need to be able to communicate with the Breezy cloud service.
As a part of every Breezy installation, you should verify with your network administrator that there is an open line of communication between the Breezy servers installed in your environment and the domains and IP ranges specified in the following KB article: IP Whitelist and Reverse Proxy Information for Breezy Cloud Services
Two-way communication is required; however, all connections are initiated from inside the firewall.
To ensure compatibility with a wide variety of network infrastructures and security policies, Breezy does not require an incoming port to be open on the external network. Instead, on-premise components check periodically to see if they have any work to do. Connections are therefore always initiated from inside your firewall; however, once a connection is initiated, your enterprise's network firewall configuration must allow the on-premise components to receive the responses to their requests.
Checking for Deep Packet Inspection Appliances
If there are any deep packet inspection appliances installed (such as BlueCoat, SourceFire, etc.) then the administrator of the deep packet inspection network appliances should be made aware that Breezy servers are going to be sending encrypted packets across the network that the packet inspection appliance will be unable to inspect.
This can sometimes be a problem because deep packet inspection appliances often deny routing of packets they cannot inspect. In this case, additional whitelist rules may be required on those specific deep packet inspection appliances in order to allow encrypted traffic to the Breezy on-premise components.
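A check to run from a Breezy server to tell a missing outbound firewall rule apart from an inspection appliance dropping the encrypted session. This is an added example, not Breezy's own tooling; the hostname is a placeholder for the domains in the whitelist KB article, and port 443 is an assumption.

```python
import socket
import ssl

# Placeholder host: substitute the domains from the IP whitelist KB article.
# Port 443 is an assumption; the page only says the traffic is encrypted.
ENDPOINTS = [("breezy-endpoint.example", 443)]

ADVICE = {
    "ok": "outbound TLS works and the response is allowed back in",
    "tcp_blocked": "no outbound path; check DNS and the firewall egress rule",
    "tls_failed": "TCP connects but TLS is cut off; check the inspection appliance",
    "cert_untrusted": "certificate chain is not trusted by this host",
}


def probe(host, port, timeout=5.0):
    """Open one outbound connection, as an on-premise component would."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # DNS failure, refusal or timeout
        return "tcp_blocked", str(exc)
    context = ssl.create_default_context()
    try:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            return "ok", issuer.get("organizationName", "unknown issuer")
    except ssl.SSLCertVerificationError as exc:
        return "cert_untrusted", exc.verify_message
    except (ssl.SSLError, OSError) as exc:  # reset, EOF or stall mid-handshake
        return "tls_failed", str(exc)
    finally:
        sock.close()  # harmless if the TLS wrapper already took over the socket


def report(endpoints):
    """Return one human-readable line per endpoint."""
    lines = []
    for host, port in endpoints:
        status, detail = probe(host, port)
        lines.append(f"{host}:{port} {status}: {ADVICE[status]} ({detail})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(ENDPOINTS)))
```

A `tls_failed` result alongside a working TCP connect is the pattern to take to the administrator of the deep packet inspection appliance.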