Setup and virtual machine requirements
Virtual machine requirements
To deploy Enterprise Security Connector:
- Deploy the security connector on Microsoft Hyper-V hypervisor or VMware ESXi version 5.5 or later.
- Make sure the virtual machine
meets these resource requirements:
- RAM: 2 GB
- Disk Space: 40 GB
- CPU: 2 Cores
- Configure your organization's
- Allow outbound connections to TCP port 443 and to allow UDP traffic on port 123 for the virtual machine's management interface.
- For DNS Forwarder, allow
outbound TCP port 443 for hostnames
dotas the Application-Layer Protector Navigation (ALPN). This configuration is required for DNS over TLS connections.Note: If you configured TCP port 853 as the port for DNS over TLS (DoT) instead of 443, make sure you allow outbound connections on port 853.
- Deploy the security connector on the same local area network (LAN) as user computers.
Additionally, you should complete these steps:
- Assign the data interface with an
IP address that is outside the private network ranges defined by Request for
Comment 1918 (RFC 1918):
- 10.0.0.0 - 10.255.255.255 (10/8 prefix)
- 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
- 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Many forms of malware do not connect to IP addresses in these ranges. If you do not have an unused subnet in your network for this configuration, create one to receive Security Connector traffic.
- Configure the management interface in a secure or isolated location in your internal network. By default, the management interface is not encrypted and operates over TCP port 3000.