# Network and Firewall Requirements

CERTINext requires specific network configurations to enable communication between Bots, servers, Certificate Authorities, and external systems.

### **Network Communication Model**

* Bot ↔ CERTINext Platform (HTTPS)
* Bot ↔ Target Servers (SSH/SMB/API)
* CERTINext ↔ CA Providers (API calls)

### **Required Ports**

| Component             | Protocol | Port         | Direction | Purpose                   |
| --------------------- | -------- | ------------ | --------- | ------------------------- |
| Bot → CERTINext       | HTTPS    | 443          | Outbound  | API communication         |
| Bot → Linux Servers   | SSH      | 22           | Outbound  | Remote deployment         |
| Bot → Windows Servers | SMB      | 445          | Outbound  | File transfer             |
| Bot → Web Servers     | TCP      | 443 / Custom | Outbound  | Certificate scan          |
| Bot → F5 / APIs       | HTTPS    | 443          | Outbound  | Load balancer integration |
| CERTINext → CA        | HTTPS    | 443          | Outbound  | Certificate issuance      |

### **Required Hostnames**

| Service          | Description                 |
| ---------------- | --------------------------- |
| certinext.io     | CERTINext platform access   |
| api.certinext.io | API communication           |
| CA endpoints     | emSign, DigiCert, emCA APIs |

### **Firewall Requirements**

* Allow outbound HTTPS (443) from the Bot
* On target servers, allow inbound SSH (22) and SMB (445) from the Bot
* Ensure DNS resolution works for all required endpoints
* Exclude CA communication from SSL inspection

### **Best Practices**

* Use dedicated Bot servers
* Restrict access using IP whitelisting
* Monitor network latency and connectivity
* Ensure high availability for production
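
The firewall requirements and the connectivity monitoring above can be verified from the Bot host with a small preflight check. This is an added example, not CERTINext tooling: the two target-server names are placeholders to replace with your own hosts, and the status labels (`ok`, `dns_fail`, `refused`, `blocked`) are this example's own.

```python
import socket
import time

# Hostnames on 443 come from the tables above; the two target-server names
# are placeholders (assumptions) to replace with your own hosts.
REQUIRED = [
    ("Bot -> CERTINext platform", "certinext.io", 443),
    ("Bot -> CERTINext API", "api.certinext.io", 443),
    ("Bot -> Linux server (SSH)", "linux-target.example.internal", 22),
    ("Bot -> Windows server (SMB)", "windows-target.example.internal", 445),
]

def check(host, port, timeout=3.0):
    """Return (status, detail); status is ok, dns_fail, refused or blocked."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_fail", str(exc)  # name does not resolve from this host
    result = ("blocked", "no usable address")
    for family, socktype, proto, _, addr in infos:
        start = time.monotonic()
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
            # TCP handshake time in milliseconds, a rough latency figure
            return "ok", round((time.monotonic() - start) * 1000, 1)
        except ConnectionRefusedError:
            # A reset came back: no listener on the port, or a rejecting firewall
            result = ("refused", addr[0])
        except OSError as exc:
            # Timeout or unreachable: typically a firewall dropping the traffic
            result = ("blocked", f"{addr[0]}: {exc}")
    return result

def preflight(targets=REQUIRED, timeout=3.0):
    """Check every (label, host, port) and return one row per target."""
    return [(label, host, port) + check(host, port, timeout)
            for label, host, port in targets]

if __name__ == "__main__":
    for label, host, port, status, detail in preflight():
        print(f"{status:8} {label:30} {host}:{port}  {detail}")
```

A `blocked` result on 443 points at the outbound firewall rule, while `dns_fail` points at name resolution on the Bot host rather than at the firewall.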


