Home
Frequently asked questions
How secure is the connection between the local TACACS+ server and Portnox Cloud?
In this topic, you will find information about how Portnox Cloud secures the connection between a local TACACS+ server and Cloud services, including encryption and credential handling.

Frequently asked questions
- Portnox Cloud best practices
  In this topic, you will find technical suggestions prepared by Portnox staff to help you make informed decisions about your Portnox Cloud deployment.
- What antivirus and firewall software does AgentP support?
  In this topic, you will find information about the antivirus and firewall software supported by AgentP on Windows, macOS, and Linux, including examples of tested applications and guidance for unsupported programs.
- How secure is the connection between the local TACACS+ server and Portnox Cloud?
  In this topic, you will find information about how Portnox Cloud secures the connection between a local TACACS+ server and Cloud services, including encryption and credential handling.
- How is the risk score calculated for risk assessment policies?
  In this topic, you will find information about how Portnox Cloud calculates risk scores for risk assessment policies.
- How to find application names for risk assessment policies?
  In this topic, you will learn how to find application names for risk assessment policies on Windows, macOS, Linux, Android, iOS, and via Portnox Cloud.
- How to find service names for risk assessment policies?
  In this topic, you will learn how to find service names on Windows and macOS to use them in risk assessment policies.
- How to find the OS version for risk assessment policies?
  In this topic, you will learn how to find the operating system version for risk assessment policies on Windows, macOS, Linux, Android, and iOS devices.
- What wildcard patterns are supported in risk assessment policy attributes?
  In this topic, you will find information about which wildcard patterns are supported in risk assessment policy attributes and how to use them effectively.
- What enterprise applications does Portnox Cloud install and use in Azure?
  In this topic, you will find information about the enterprise applications that Portnox Cloud installs in Azure and their purposes when integrating with Entra ID and Microsoft Intune.
- What information does Portnox Cloud read from authentication repositories?
  In this topic, you will learn what user information Portnox Cloud reads from authentication repositories.
- How does Portnox Cloud handle certificate revocation?
  In this topic, you will learn how Portnox Cloud handles certificate revocation for user and device certificates.
- How does Portnox handle ZTNA certificate expiration and renewal for SSO-enabled web applications?
  In this topic, you will find technical guidance on managing ZTNA certificate expiration and renewal for SSO-enabled web applications, including best practices for manual replacement and planning.
- How does Portnox Cloud know the device make/model?
  In this topic, you will find information about how Portnox Cloud identifies a device’s make and model.
- When does Portnox Cloud consume a license?
  In this topic, you will find information about when Portnox Cloud consumes a license for devices.
- How does the dashboard map widget determine a device’s location?
  In this topic, you will learn how the dashboard map widget determines a device’s location in Portnox Cloud.
- Does the Blast-RADIUS vulnerability affect Portnox Cloud users?
  In this topic, you will find information about the Blast-RADIUS vulnerability and its impact on Portnox Cloud users.

How secure is the connection between the local TACACS+ server and Portnox Cloud?

In this topic, you will find information about how Portnox Cloud secures the connection between a local TACACS+ server and Cloud services, including encryption and credential handling.

The TACACS+ virtual appliance and Docker container communicate with Portnox Cloud services through a TLS 1.3 tunnel. The entire communication is strongly secured.

If you use SSH to connect to the TACACS+ device, your credentials are fully encrypted end-to-end. First through the SSH session, then through the TACACS+ protocol to the TACACS+ virtual appliance or the Docker container, and then finally though the encrypted TLS tunnel between the TACACS+ virtual appliance or Docker container to Portnox Cloud.

Communication between the TACACS+ server and Portnox Cloud involves sending the credentials because they are necessary to validate the user’s authentication against their selected authentication repository. These credentials are always encrypted and never stored or persisted anywhere in the chain.