2.4. Communication

2.4.1. Secure Internal Communication

The communication between suSSHi Gateways and suSSHi Chef is called “Secure Internal Communication” (SIC). This comprises a total of three TCP protocols.

If a network firewall is installed between the gateways and suSSHi Chef, these protocols must be enabled according to the following table:

Source	Destination	Protocol	Port	Description	Purpose
suSSHi Gateway(s)	suSSHi Chef	TCP	8443	HTTPS with mutual authentication	Configuration synchronization Session Authentication and Authorization Session Reports
suSSHi Gateway(s)	suSSHi Chef	TCP	6514	RELP over TLS	System and Session Logging to suSSHi Chef
suSSHi Chef	suSSHi Gateway(s)	TCP	22 [*]	SSH	Status Gathering Host Key Scanning Configuration Reload triggers Session dropping

[*]

Standard SSH port, may differ if you plan to run your suSSHi Gateway on a non-standard port.

2.4.2. System Events

suSSHi Chef gets logging feeds for system and session messages from all suSSHi Gateways. Using the Syslog (RFC 5424) protocol, these messages messages can be forwarded.

suSSHi Chef supports UDP, TCP and RELP (over TCP) to up to two external Syslog servers. If two Syslog servers are configured, both servers get the Syslog information in parallel. The port for UDP, TCP and RELP can be configured as well.

For the available configuration options, please refer to System > Preferences.