Technical Advisory: Upcoming Limitation on Allowed Ports for SFTP Hosts

thebenrobb

Employee

30-09-2020

What is Changing?

Adobe Experience Platform Launch will soon require that all ports on SFTP Hosts be on the list below (or fall within the specified ranges).

  • 21
  • 22
  • 80
  • 200-299
  • 443
  • 2000-2999
  • 4343
  • 8080
  • 8888

Impact

When creating/editing an SFTP Host, Launch will perform validation on the Host's port. If the port is not on the list above, the save will fail with an error.

If you happen to create a Host with a disallowed port before these changes, once they go into effect, builds sent to that Host will fail.

Rationale

We consistently take steps to improve security and reduce our risk exposure. Limiting the allowed outgoing ports is required by our network and security teams to enhance the infrastructure that supports Launch.

Why These Ports?

When we conducted our analysis, all existing SFTP Hosts on our customer organizations were already compliant with the list of ports above. You will recognize many as commonly allowed incoming ports for corporate firewalls. The listed ranges let us include the other existing Hosts - those not on standard ports - and still preserve some flexibility for future Hosts.

When Will This Happen?

These changes will happen within the next 3-4 weeks. The validation will go into place in the UI and the API first. We'll also update the documentation. We will block the outgoing ports after we complete the validation changes.