ASMS system architecture

This topic shows a series of architecture diagrams, with elements for distributed systems, devices, and enterprise systems.

Note: The protocols and deployment models in use differ between architecture structures.

For more details, see Supported deployments per architecture structure, Required port connections, and the device-specific topics in the Manage devices section.

ASMS on-prem full system architecture

The following image shows a full sample ASMS system architecture.

* ICMP is used for setup and upgrade in HA deployments

** For up to 5 LDUs, use local ports TCP 9001-9010. Each LDU connects to the CM and to each other. If you’re using more than 5 LDUs, contact support.

ASMS - AlgoSec SaaS Services topology

The following image shows the connection between an on-prem ASMS system and AlgoSec SaaS solutions*:

* Including SaaS solutions such as Prevasio, AppViz, AlgoSec Cloud, ObjectFlow, etc.

Initial setup

The following image shows an ASMS system with elements for initial setup. The ASMS Central Manager connects to ASMS administrators and users, and to a Syslog NG server for log processing.

* ICMP is used for setup and upgrade in HA deployments

For more details, see Define AFA preferences.

Distributed architecture

The following image adds system elements for a distributed architecture, including load and geographic distribution units, as well as a separate High Availability or Disaster Recovery site.

* ICMP is used for setup and upgrade in HA deployments

** For up to 5 LDUs, use ports TCP 9001-9010. Each LDU connects to the CM and to each other. If you’re using more than 5 LDUs, contact support.

The following image zooms in to the ASMS system elements and connections in a distributed architecture.

* ICMP is used for setup and upgrade in HA deployments

** For up to 5 LDUs, use ports TCP 9001-9010. Each LDU connects to the CM and to each other. If you’re using more than 5 LDUs, contact support.

For more details, see Configure a distributed architecture.

Added devices

The following image shows additional elements for devices added to AFA, including a Palo Alto Panorama and managed firewall; a Check Point Management station, log server, and managed Check Point Gateway; and cloud devices in AWS or Azure.

* ICMP is used for setup and upgrade in HA deployments

** For up to 5 LDUs, use ports TCP 9001-9010. Each LDU connects to the CM and to each other. If you’re using more than 5 LDUs, contact support.

For more details, see Manage devices.

ASMS architecture for enterprise systems

The following image shows an ASMS architecture and connections to elements used in enterprise systems:

* ICMP is used for setup and upgrade in HA deployments

For more details, see Define AFA preferences.