ASMS system architecture
This topic shows a series of architecture diagrams, with elements for distributed systems, devices, and enterprise systems.
Note: The protocols and deployment models used differ between architecture structures.
For more details, see Supported deployments per architecture structure, Required port connections, and the device-specific topics in the Manage devices section.
ASMS on-prem full system architecture
The following image shows a full sample ASMS system architecture.
* ICMP is used for setup and upgrade in HA deployments
** For up to 5 LDUs, use local ports TCP 9001-9010. Each LDU connects to the CM and to each other. If you’re using more than 5 LDUs, contact support.
ASMS - AlgoSec SaaS Services topology
The following image shows the connection between an on-prem ASMS system and AlgoSec SaaS solutions*:
* Including SaaS solutions such as ACE, AppViz, and ObjectFlow.
Initial setup
The following image shows an ASMS system with elements for initial setup. The ASMS Central Manager connects to both ASMS Administrators and users, as well as a Syslog NG server for log processing.
* ICMP is used for setup and upgrade in HA deployments
For more details, see Define AFA preferences.
Distributed architecture
The following image adds system elements for a distributed architecture, including load and geographic distribution units, as well as a separate High Availability or Disaster Recovery site.
* ICMP is used for setup and upgrade in HA deployments
** For up to 5 LDUs, use ports TCP 9001-9010. Each LDU connects to the CM and to each other. If you’re using more than 5 LDUs, contact support.
The following image zooms in to the ASMS system elements and connections in a distributed architecture.
* ICMP is used for setup and upgrade in HA deployments
** For up to 5 LDUs, use ports TCP 9001-9010. Each LDU connects to the CM and to each other. If you’re using more than 5 LDUs, contact support.
For more details, see Configure a distributed architecture.
Added devices
The following image shows additional elements for devices added to AFA, including a Palo Alto Panorama and managed firewall, a Check Point Management station, log server, and managed Check Point Gateway, as well as Cloud devices in AWS or Azure.
* ICMP is used for setup and upgrade in HA deployments
** For up to 5 LDUs, use ports TCP 9001-9010. Each LDU connects to the CM and to each other. If you’re using more than 5 LDUs, contact support.
For more details, see Manage devices.
ASMS architecture for enterprise systems
The following image shows an ASMS architecture and connections to elements used in enterprise systems:
* ICMP is used for setup and upgrade in HA deployments
For more details, see Define AFA preferences.