PSaaS Appliance Infrastructure: IP/Domain and Port List
The PSaaS Appliance requires certain ports within the cluster to be open and able to access each other, as well as selected external sites.
Between Cluster Nodes
When possible, instances within a cluster should have full connectivity to each other so that you do not need to introduce new firewall rules if Auth0 adds new features. However, since this isn't possible in every environment, the following table lists the ports that are required to be open and accessible to other PSaaS Appliance instances in the same cluster:
|9001||Rate Limiting||Yes||Required if rate limiting is used|
|8721||Webtask Logging/Control||Yes||Required for logging and debugging|
|8701||Webtask Logging/Control||Yes||Required for logging and debugging|
|22||Maintenance||No||Enables maintenance tasks to be done between nodes|
|ICMP||Healthcheck||No||Allows healthchecks between nodes|
Auth0 strives to keep these IP addresses stable, though this is not a given. From time to time, Auth0 may add IP addresses or additional servers. During updates and metrics, you must allow your PSaaS Appliance instances to connect to these addresses.
|All||Inbound||Your load balancer IP address (often on internal network)||80/(443 or 4443)||For clusters with more than one node, a load balancer is required for resiliency and performance||Yes|
|Webtask||Outbound||Your load balancer IP address (often on internal network)||443||Allows rules, webtasks, and extensions to call back to Auth0 endpoints||Yes|
|Command Line Interface||Inbound and Outbound||CLI Clients (often on the internal network)||10121||Allows use of the PSaaS Appliance Command Line Interface||No|
|Updates||Outbound||apt-mirror.it.auth0.com (220.127.116.11)||80/443||Provides update packages for PSaaS Appliance instances||Yes|
|Updates||Outbound||docker.it.auth0.com (18.104.22.168)||443||Provides updates for PSaaS Appliance Docker Packages||Yes|
|Updates and web extensions||Outbound||cdn.auth0.com||443||Required to run web extensions; Provides update packages for PSaaS Appliance instances running versions `6868` or earlier||Yes|
|Examples||Outbound||github.com||443||Source to download and repackage example applications||No|
|Usage & Telemetry||Outbound||app-gateway.it.auth0.com (22.214.171.124)||443||Provides usage and telemetry statistics||Yes|
|Maintenance||Inbound||Jump Host||22||Allows access to PSaaS Appliance instances for support purposes||No|
|Healthcheck||Inbound||Monitoring Endpoint||9110||Allows access to Healthcheck endpoints||No|
- If you are using social providers for logins, the cluster must be able to connect to the social providers' endpoints.
- The Jump Host IP is stable and provided at the time of setup.