To minimize exposure and maximize security for the Virtru Private Keystore (for Virtru Solutions) appliance Virtru will only send traffic to the Virtru Private Keystore from specific IP addresses.
Traffic Requirements
Ingress:
Inbound to the Virtru Private Keystore from Virtru SaaS for normal decrypt operations:
- TCP
- 52.14.8.108
- 18.216.244.36
- 13.59.117.136
- 3.18.99.98
- 3.131.32.254
- 18.119.73.143
- 34.173.130.111
- 34.168.88.167
- Port
- Defined by client
- Default 443
Inbound to the Virtru Private Keystore from Virtru IPs for setup, testing, and health monitoring:
- TCP
- 104.30.163.207
- 104.30.177.28
- Port
- Defined by client
- Default 443
Remote access to the server for SSH (for configuration and setup)
- TCP
- <Your Company IPs>
- Port
- Default 22
Egress:
Outbound from the Virtru Private Keystore to the Virtru SaaS environment.
- TCP
- Port
- Default 443
Port Configuration
All traffic from Virtru to your infrastructure will arrive on port 443. If using a different destination port, apply an internal translation on your edge firewall to direct incoming traffic from port 443 to your specified <defined port> for the VPK server.
To update the port for the VPK container, modify the run.sh script’s -p flag:
- Original:
-p 443:9000 - Updated:
-p <defined port>:9000
Replace <defined port> with the desired port number.
Example docker run command for the Virtru container:
Note
Virtru does NOT require SSH access to any host, this is only a reference for industry best practices.