Peppol Firewall requirements

This article outlines the required minimum firewall openings for default Peppol components. This list does not consider application specific firewall requirements.
Please also remember the "connect once, connect everywhere" principle of Peppol, meaning that every Peppol AccessPoint (AP) MUST be capable of exchanging business documents with any other Peppol AP.

Firewall requirements for outbound connections

AP

  • Allow TCP port 443 to * (all IPs) - for sending messages to another AP
  • Allow TCP port 80 to * (all IPs) - for querying any SMP and to download CRL files from http://pki-crl.symauth.com/

SMP

  • Allow TCP port 443 to Peppol Directory
    • Production: directory.peppol.eu
    • Test: test-directory.peppol.eu
  • Allow TCP port 443 to SMK/SML
    • Production: edelivery.tech.ec.europa.eu
    • Test: acc.edelivery.tech.ec.europa.eu

Firewall requirements for inbound connections

AP

  • Allow TCP port 443 from * (all IPs) - for receiving messages from another AP

SMP

  • Allow TCP port 80 from * (all IPs) - for being queried from any AP
You must be logged in to post a comment!