Appendix - Firewall Rules Script
This script configures the firewall appropriately to allow communication between the Keyfactor AnyCA Gateway DCOM and your CA. (A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA.) The script should be run as an Enterprise Admin in an administrative PowerShell window on the AnyCAGateway DCOM machine.
Usage: KeyfactorAnyGatewayFirewallRules.ps1
The KeyfactorAnyGatewayFirewallRules.ps1 script contents:
    Write-Host Enabling "Keyfactor CA AnyGateway RPC-IN"

    # Parameters are splatted so that each value can carry its own comment.
    $ruleParams = @{
        DisplayName   = "Keyfactor CA AnyGateway RPC-IN"
        Description   = "An inbound rule to allow traffic to the Keyfactor CA Gateway for Enterprise certificate enrollment."
        Direction     = "Inbound"
        RemoteAddress = "10.1.1.25"   # Set value to remote address from which requests will originate (e.g. Keyfactor Command)
        LocalPort     = "RPC"
        RemotePort    = "49152-65535"
        Program       = "C:\Program Files\Keyfactor\Keyfactor AnyGateway\CAProxyServer.exe"   # Path to gateway install may vary
        Protocol      = "TCP"
        Action        = "Allow"
    }
    New-NetFirewallRule @ruleParams

    # Enable the built-in DCOM inbound rule, then display it to confirm its state.
    Write-Host Enabling "COM+ Network Access (DCOM-In)"
    Set-NetFirewallRule -DisplayName "COM+ Network Access (DCOM-In)" -Enabled True
    Get-NetFirewallRule -DisplayName "COM+ Network Access (DCOM-In)"
Set the Program and RemoteAddress values appropriately for your environment.
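After the script has run, the resulting rules can be audited with the read-only check below. It is an added example, not part of KeyfactorAnyGatewayFirewallRules.ps1 or of Keyfactor's documentation; the variable names are hypothetical and $ExpectedRemote assumes the sample address 10.1.1.25 shown in the script.

```powershell
# Added example: read-only audit of the rules the script creates or enables.
# Assumption: the display names and $ExpectedRemote match what you actually ran.
$RuleName       = "Keyfactor CA AnyGateway RPC-IN"
$DcomRuleName   = "COM+ Network Access (DCOM-In)"
$ExpectedRemote = "10.1.1.25"   # sample value from the script; replace with yours

$findings = @()
$rules = @(Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)

if ($rules.Count -eq 0) { $findings += "Rule '$RuleName' not found." }
if ($rules.Count -gt 1) {
    # New-NetFirewallRule does not de-duplicate on DisplayName, so re-running the
    # script leaves older copies (possibly with a stale RemoteAddress) in place.
    $findings += "$($rules.Count) rules are named '$RuleName'; remove stale copies."
}

foreach ($rule in $rules) {
    $addr = $rule | Get-NetFirewallAddressFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    $port = $rule | Get-NetFirewallPortFilter
    $id   = $rule.Name

    if ("$($rule.Enabled)" -ne "True") { $findings += "[$id] rule is disabled." }

    # Compare on the address part only, in case a prefix or mask suffix is reported.
    $remote = @($addr.RemoteAddress | ForEach-Object { ($_ -split '/')[0] })
    if ($remote -contains "Any") {
        $findings += "[$id] RemoteAddress is Any; the rule is not scoped to a source."
    } elseif ($remote -notcontains $ExpectedRemote) {
        $findings += "[$id] RemoteAddress is '$($remote -join ',')', expected '$ExpectedRemote'."
    }

    if ("$($app.Program)" -eq "Any") {
        $findings += "[$id] Program is Any; the rule is not bound to CAProxyServer.exe."
    } else {
        $exe = [Environment]::ExpandEnvironmentVariables($app.Program)
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $findings += "[$id] Program path '$exe' does not exist; the rule matches nothing."
        }
    }

    if ("$($port.Protocol)" -ne "TCP" -or "$($port.LocalPort)" -ne "RPC") {
        $findings += "[$id] Protocol/LocalPort is $($port.Protocol)/$($port.LocalPort), expected TCP/RPC."
    }
}

$dcom = @(Get-NetFirewallRule -DisplayName $DcomRuleName -ErrorAction SilentlyContinue)
if ($dcom.Count -eq 0 -or ($dcom | Where-Object { "$($_.Enabled)" -ne "True" })) {
    $findings += "'$DcomRuleName' is missing or not enabled."
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Host "Firewall rules match the expected scope." }
```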