Appendix - Firewall Rules Script

This script configures the firewall appropriately to allow communication between the Keyfactor Gateway and Keyfactor Gateway Receiver. This is only needed if you choose to use the account synchronization function. It should be run as an Enterprise Admin in an administrative PowerShell window on the gateway machine.

Usage: KeyfactorGatewayFirewallRules.ps1

KeyfactorGatewayFirewallRules.ps1 script contents:

Write-host Enabling "Keyfactor CA Gateway RPC-IN"
New-NetFirewallRule -DisplayName "Keyfactor CA Gateway RPC-IN" \
  -Description "An inbound rule to allow traffic to the Keyfactor CA Gateway for Enterprise certificate enrollment." \
  –Direction Inbound \ 
  -RemoteAddress "10.1.1.25" # Set value to remote address appropriate for your environment \
  -RemotePort "49152-65535" \
  –LocalPort "RPC" \
  -Program "C:\Program Files\Keyfactor\Keyfactor Gateway\CAProxyServer.exe" # Path to gateway may vary \
  -Protocol TCP \
  -Action Allow
Write-host Enabling "COM+ Network Access (DCOM-In)"
Set-NetFirewallRule -DisplayName "COM+ Network Access (DCOM-In)" -Enabled True
Get-NetFirewallRule -DisplayName "COM+ Network Access (DCOM-In)"

Set the Program and RemoteAddress values appropriately for your environment. The remote address indicates the address from which requests will originate.

Was this page helpful? Provide Feedback

Version v25.1.1

On this page: