Conn s nw conf tbl guid - Lecture notes 14 PDF

Title Conn s nw conf tbl guid - Lecture notes 14
Author Elshaday Gelaye
Course Sustainable design
Institution Addis Ababa University
Pages 36

Summary

This is a SWIFT configuration guide for SSL encryption....


Description

Connectivity to SWIFT

Network Configuration Tables Guide

This network guide details the network protocols for the SWIFTNet environment and the connectivity requirements of the production and integration environments. This document is for security officers, network administrators, and designers that design and configure secure network solutions for an organisation.

31 March 2021

Link to this document: https://www2.swift.com/go/book/book37438

Table of Contents

Preface
1 Introduction
2 SWIFTNet Servers
2.1 SWIFTNet Connections
2.2 Port Mapping
2.3 DNS Forwarding
3 SWIFTNet Link Network Configuration
4 NTP Configuration
5 Remote PED Workstation and Firewalls
6 Alliance Cloud Specific Settings
6.1 User to Application: Alliance Cloud GUI
6.2 Application to Application: SWIFT Integration Layer (SIL) Customer Footprint
7 Alliance Gateway and Firewalls
7.1 Alliance Web Platform, and Remote APIs (Remote Applications)
7.2 Remote file transfer
7.3 IBM MQ applications
7.4 One-time Password Authentication Servers
7.5 Alliance Gateway SNMP logging
7.6 Lightweight Directory Access Protocol (LDAP)
8 Alliance Connect Specific Settings
8.1 Firewall Settings
9 Alliance Lifeline Specific Settings
9.1 Firewall Settings
10 Alliance Lite2 Specific Settings
10.1 Firewall Settings
11 Alliance Remote Gateway Specific Settings
11.1 Firewall Settings
12 SWIFT WebAccess
12.1 Global Approach to SWIFT WebAccess
12.2 SWIFT WebAccess Service Providers
12.3 SWIFT WebAccess Members
Legal Notices

Preface

Purpose of the document

This document assists security officers, network administrators, and designers to design and configure secure network solutions for their organisations.

Audience

This document is for the following audience:

• security officers who want to assess the compliance of the SWIFTNet service network access requirements with their own security policies

• network security administrators who configure network access control devices between their own networks and the SWIFT secure IP network

• network designers or network administrators who design solutions that suit the requirements of SWIFT and of their own organisations

Note: SWIFT recommends that during the SWIFTNet implementation process, one of the individuals acts as the contact during installation of the telecommunications equipment.

For solutions using the SWIFTNet Instant messaging service with AGI software, the network configuration requirements can be found in a separate document: SWIFTNet Instant System and Network Requirements.

Significant changes

These tables list the significant changes to the document since the previous release in July 2020. The tables do not include editorial changes that SWIFT may have made to improve the usability and comprehension of the document.

New information | Location
Updated network information for Alliance Cloud | Alliance Cloud Specific Settings on page 19
Updated network information for SWIFTNet | SWIFTNet Connections on page 6

Related documentation

The following documents relate to this guide:

• Alliance Connect Bronze Service Description

• Alliance Connect Bronze Implementation Guide - SSG VPN Boxes

• Alliance Connect Silver Service Description - SSG VPN Boxes

• Alliance Connect Silver Implementation Guide - SSG VPN Boxes

• Alliance Connect Silver Plus Implementation Guide - SSG VPN Boxes

• Alliance Connect Gold Service Description - SSG VPN Boxes

• Alliance Connect Gold Implementation Guide - SSG VPN Boxes

• SWIFT WebAccess Configuration and Troubleshooting Guide

• Network Access Control Guide

• SWIFTNet Instant System and Network Requirements

1 Introduction

SWIFTNet services

SWIFTNet provides secure communication between two parties that are connected to the SWIFT secure IP network. Based on Internet Protocol technologies, the secure IP network provides robust transport services that SWIFTNet services and products require.

Security policies

Exceptionally, some security policies can impact the end-to-end performance of SWIFTNet. If you have any questions about the possible performance impact of a SWIFT security policy proposal, then please contact a SWIFT security representative.

SWIFT has implemented strict security measures that it has designed to ensure that the SWIFT network is protected and safe. A SWIFT customer's own security policy can recommend or mandate the deployment of network access control devices between the customer's network and SWIFT's network. SWIFT encourages customers to deploy such controls.

The customer must bring the network (firewall) in line with the Network Configuration Tables Guide. Only then can releases of SWIFTNet Link and Alliance Gateway be installed and used.

The address information described in the Network Configuration Tables Guide is confidential. The customer must maintain its confidentiality.

Alliance Connect products overview

SWIFT's Alliance Connect products (Bronze, Silver, Silver Plus, Gold) offer the possibility to connect through the internet. You can also connect through one or more Network Partners who provide and install managed customer premises equipment and local loops at your premises. The following portfolio options are available:

• SSG5 VPN boxes - all options include 2 VPN boxes

  - Gold with 2 leased lines

  - Silver and Silver Plus with 1 leased line and 1 internet connection

  - Bronze with 1 or 2 internet connections

• SRX VPN boxes (replacement to SSG5 VPN boxes)

  - AC Gold with 2 VPN boxes and 2, 3 or 4 leased lines

  - AC Silver and Silver Plus with 2 VPN boxes, 1 leased line and 1 internet connection

  - AC Silver with 1 VPN and 1 leased line

  - AC Bronze with 2 VPN and 2 internet connections

  - AC Bronze with 1 VPN and 1 internet connection

For more information about the Alliance Connect products, see the Alliance Connect product page on www.swift.com.

2 SWIFTNet Servers

The tables in this document list the SWIFT central servers that are visible from customer sites (SWIFTNet Link) in the production and integration testbed networks.

Scope

• The sections Client Connections to SWIFT on page 7 and Client Connections to SWIFT (ITB) on page 10 list the connections to the central servers that are opened on the initiative of the SWIFTNet Link.

• The section Restrict the Switch Port Range on page 13 shows the mapping for the SWIFTNet Link identification codes (SNL IDs) to Switch port ranges.

In this document, the term SWIFTNet Link host refers to a system that is directly connected to SWIFTNet, and that runs SWIFTNet Link software. The SWIFTNet Link host category includes hosts running Alliance Gateway software on top of SWIFTNet Link.

Table structure

The structure of the tables in sections Client Connections to SWIFT on page 7 and Client Connections to SWIFT (ITB) on page 10 is as follows:

• From System column: indicates the initiating system of the connection.

• The table does not list the source IP address. It is the user-defined SWIFTNet Link host IP address that the customer provides to SWIFT during the SWIFTNet ordering process.

• The table does not list the source ports. Source ports higher than 1023/tcp initiate all TCP-listed sessions. Source ports of 53/udp or higher than 1023/udp send DNS queries.

• The Destination columns list the SWIFT central servers, and the associated IP addresses and ports.

2.1 SWIFTNet Connections

The following sections provide information about connections from clients to the SWIFT production network.

Related information

Client Connections to SWIFT on page 7
Client Connections to SWIFT (ITB) on page 10
Port Mapping on page 13
DNS Forwarding on page 14
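The following sketch is an added example, not code from the SWIFT guide. It applies the table-structure rules above (source host, source port range, destination IP, protocol and port) to a firewall flow log. The flow record format, the names ALLOWED, check_flow and audit, and the 192.0.2.10 host address are assumptions; the destination rows are copied from the Client Connections to SWIFT table as it appears on this page.

```python
import ipaddress

# Rows transcribed from the Client Connections to SWIFT table as it appears on
# this page (system, destination IP, protocol, first port, last port).
# Check every entry against the guide itself before using it in a rule base.
ALLOWED = [
    ("CA/RA", "149.134.244.131", "tcp", 709, 709),
    ("Directory", "149.134.244.129", "tcp", 389, 389),
    ("Directory", "149.134.244.129", "tcp", 1100, 1109),
    ("DNS", "149.134.244.133", "udp", 53, 53),
]

def source_port_ok(proto, sport):
    """TCP sessions start above 1023; DNS queries use 53/udp or above 1023/udp."""
    if proto == "tcp":
        return sport > 1023
    return sport == 53 or sport > 1023

def check_flow(flow, snl_hosts):
    """Classify one 'src_ip:sport dst_ip:dport proto' record (assumed log format)."""
    src, dst, proto = flow.split()
    src_ip, sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    if ipaddress.ip_address(src_ip) not in snl_hosts:
        return ("deny", "source is not a SWIFTNet Link host")
    if not source_port_ok(proto, int(sport)):
        return ("deny", "source port outside the documented range")
    for system, ip, allowed_proto, first, last in ALLOWED:
        if dst_ip == ip and proto == allowed_proto and first <= int(dport) <= last:
            return ("allow", system)
    return ("deny", "destination not in the table")

# Constructed sample data: 192.0.2.10 stands in for the customer-defined
# SWIFTNet Link host IP address; none of these flows is real traffic.
SNL_HOSTS = {ipaddress.ip_address("192.0.2.10")}
SAMPLE_FLOWS = [
    "192.0.2.10:49152 149.134.244.131:709 tcp",
    "192.0.2.10:53 149.134.244.133:53 udp",
    "192.0.2.10:40001 149.134.244.129:1105 tcp",
    "192.0.2.10:800 149.134.244.131:709 tcp",      # low TCP source port
    "192.0.2.10:40002 149.134.244.131:443 tcp",    # port not listed for CA/RA
    "192.0.2.77:40003 149.134.244.129:389 tcp",    # unknown source host
]

def audit(flows=SAMPLE_FLOWS):
    return [check_flow(flow, SNL_HOSTS) for flow in flows]

if __name__ == "__main__":
    for flow, (verdict, reason) in zip(SAMPLE_FLOWS, audit()):
        print(f"{verdict:5} {flow}  ({reason})")
```

Denied records are the ones worth reviewing: each reason names the rule the flow failed, which separates a misconfigured host from traffic to an unlisted destination.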

2.1.1 Client Connections to SWIFT

MV-SIPN

Columns: Destination (System Type, MV-SIPN IP Address, Port); Protocol; Usage; Source (From System)

Alliance Connect Bronze/Silver/Silver Plus SSG5 VPN box

149.134.255.252

443/tcp

HTTPS

Allows to reach the VPN GUI with this default IP in order to configure IP or PPPoE settings related to the ISP.

SWIFTNet Link

Alliance Connect Bronze/Silver/Silver Plus SRX VPN box

169.254.0.250 Subnet: 255.255.255.0

8010/tcp

HTTP

Allows the VPN box to fetch XML configuration file produced by the VPN Interface Configuration tool. This tool is used to configure speed/duplex mode for LAN or Leased Line/Internet connections, and to configure IP settings (DHCP, non-DHCP, PPPoE) for Internet connections.

SRX Alliance Connect Bronze, Silver, Silver Plus, Gold: ethernet port 0/7 using fixed IP 169.254.0.1 with subnet 255.255.255.0

VPN Interface Configuration tool

Alliance Managed Operations

149.134.252.3

443/tcp

HTTPS

HTTP Secure Web Access for Alliance Managed Operations

SWIFTNet Link or any other host, see(1)

CA/RA

149.134.244.131

709/tcp

PKIX

Public Key Infrastructure Certificate Management Protocol

SWIFTNet Link

149.134.244.129

389/tcp 1100-1109/tcp

LDAP

SWIFTNet Link

149.134.244.130

1200-1209/tcp

Retrieve security certificates

149.134.252.4

1300-1309/tcp

149.134.252.6

1400-1409/tcp

DNS

Name resolution

SWIFTNet Link

149.134.252.2 Directory

1500-1509/tcp 1600-1609/tcp 24389/tcp 25100-25109/tcp 25200-25209/tcp 25300-25309/tcp 25400-25409/tcp 25500-25509/tcp 25600-25609/tcp(2) DNS

149.134.244.133

53/udp

149.134.252.7


49171/tcp

HTTPS

HTTP Secure - Web access

149.134.127.49

443/tcp

HTTPS

FileAct flows

SWIFTNet Link

149.134.126.40

10443/tcp

149.134.127.247

443/tcp

HTTPS

HTTP Secure Access for MI Channel

SWIFTNet Link

Entrust Authority Enrolment Server for Web

149.134.244.134 wbcl02.swiftnet.sipn.swift.com

SWIFTNet Link/ SWIFT WebAccess(1)

149.134.252.8 wbcl01.swiftnet.sipn.swift.com

FileAct

MI Channel

10443/tcp Sanctions SAF pilot web services

149.134.127.43

443/tcp

HTTPS

Sanctions SAF pilot web services

SWIFTNet Link or any other host, see(1)

Sanctions SAF web services

149.134.127.42

443/tcp

HTTPS

Sanctions SAF web services

SWIFTNet Link or any other host, see(1)

Secrets web server

149.134.244.134

49172/tcp

HTTPS

Retrieve SWIFTNet Link initialisation secrets

SWIFTNet Link

443/tcp

HTTPS

HTTP Secure Web Access for Secure Channel Collect Response

SWIFTNet Link or any other host, see(1)

SWIFTNet Link or any other host, see(1)

149.134.252.8

Secure Channel web server

149.134.126.252 149.134.127.252

SWIFT Certificate Centre

149.134.63.252

443/tcp

HTTPS

Create and renew certificates

SWIFT Identity Service (IdP)

149.134.63.2

443/tcp

HTTPS

HTTP Secure Web Access for SWIFT Identity Service

SWIFTNet Link or any other host, see(1)

SWIFT WebAccess

See Global Approach to SWIFT WebAccess on page 34

443/tcp

HTTPS

Use to access the SWIFT WebAccess application

SWIFT WebAccess

SWIFT WebAccess Revocation Service

149.134.63.242

443/tcp

HTTPS

crlcheck.swiftnet.sipn.swift.com

80/tcp

HTTP

Check the Certificate Revocation List

CA Certificates Download

149.134.63.242

443/tcp


SWIFT WebAccess Browser

HTTPS

Download CA certificates

Browser

cacertificates.swiftnet.sipn.swift.com


SWIFTNet Online Operations Manager (classic Browse service(3))

149.134.127.33

443/tcp

HTTPS

HTTP Secure Web Access for SWIFTNet Online Operations Manager, see(3)

SWIFTNet Link or any other host, see(2)

WebAccessEnabled SWIFTNet Online Operations Manager

149.134.1.75

443/tcp

HTTPS

HTTP Secure Web Access for SWIFTNet Online Operations Manager

SWIFTNet Link or any other host, see(1)

Switch

149.134.244.129

50153-50190/tcp

Tuxedo

SWIFTNet Link

149.134.244.130

50200-50806/tcp

149.134.252.4

52100-52399/tcp(4)

149.134.252.6

20153-20190/tcp

BEA Systems Tuxedo - a proprietary middleware transport - used for core message exchange over SWIFTNet

149.134.242.1

20200-20806/tcp

149.134.242.2

22100-22399/tcp(5) 20153 - 27190/tcp 27200 - 27806/tcp 29100 - 29399/tcp(6) 34153-34190/tcp 34200-34806/tcp 36100-36399/tcp(7) 50181-50190/tcp(8)

(1) (2) (3) (4) (5)

(6) (7) (8)

Can also be a separate HTTP proxy host with an IP address on which the customer has translated the network address to a SWIFTNet Link host IP. See SWIFT WebAccess Members on page 35. These port ranges...

