Setup and virtual machine requirements

Virtual machine requirements

To deploy Enterprise Security Connector:

  • Deploy the security connector on Microsoft Hyper-V hypervisor or VMware ESXi version 5.5 or later.
  • Make sure the virtual machine meets these resource requirements:
    • RAM: 2 GB
    • Disk Space: 40 GB
    • CPU: 2 Cores
Note: If you intend to use DNS Forwarder, the virtual machine requires 4 GB of RAM and can be increased to 8 GB. If you don’t plan to use Security Connector as a DNS Forwarder, 2 GB of RAM is sufficient.

Network requirements

You must:

  • Configure your organization's firewall to:
    • Allow outbound connections to TCP port 443 and to allow UDP traffic on port 123 for the virtual machine's management interface.
    • For DNS Forwarder, allow outbound TCP port 443 for hostname * with dot as the Application-Layer Protector Navigation (ALPN). This configuration is required for DNS over TLS connections.
      Note: If you configured TCP port 853 as the port for DNS over TLS (DoT) instead of 443, make sure you allow outbound connections on port 853.
  • Deploy the security connector on the same local area network (LAN) as user computers.

Additionally, you should complete these steps:

  • Assign the data interface with an IP address that is outside the private network ranges defined by Request for Comment 1918 (RFC 1918):
    • - (10/8 prefix)
    • - (172.16/12 prefix)
    • - (192.168/16 prefix)

    Many forms of malware do not connect to IP addresses in these ranges. If you do not have an unused subnet in your network for this configuration, create one to receive Security Connector traffic.

  • Configure the management interface in a secure or isolated location in your internal network. By default, the management interface is not encrypted and operates over TCP port 3000.