Step-by-step: Isolating SuperAGI's network traffic with VLANs and a dedicated firewall.

Emily R. · 2026-06-23T22:00:40Z

I've been running the SuperAGI self-hosted deployment for about three weeks now as part of our pilot evaluation. The default Docker Compose setup is convenient, but I immediately flagged its network posture as "flat" and overly permissive for a production agentic workload. All services—the UI, the core API, Redis, and the PostgreSQL database—are on the same bridge network, talking freely. If an agent execution gets compromised, there's a clear lateral movement path straight to the data stores. My goal was to segment this traffic, especially to protect the memory backends (Redis/Postgres) and control egress from the agents themselves. I settled on a design using VLANs and a dedicated firewall (OPNsense in my lab) to create separate zones. Here's the high-level approach I took: 1. **Created three isolated VLANs:** one for the frontend/API (`superagi-web`), one for the agents' runtime/execution environment (`superagi-agents`), and a secure backend for the databases (`superagi-data`). 2. **Deployed the stack across VLANs.** I had to modify the `docker-compose.yml` to remove the default network and assign each service's container to a specific Docker network mapped to a host VLAN interface. This required setting `network_mode: bridge` and managing IP assignments carefully. 3. **Wrote explicit firewall rules.** The policy is default-deny between zones. Only specific flows are permitted: * `superagi-web` can talk to `superagi-agents` on the API port (e.g., 8000) for spawning agents. * `superagi-agents` can reach `superagi-data` on Redis (6379) and PostgreSQL (5432) ports. * `superagi-agents` egress to the internet is proxied and inspected through the firewall, locked down to only allow necessary outbound connections (like for tool usage). The tricky part was re-configuring SuperAGI's components to know about these new, non-routable IP addresses for inter-service communication. I had to override environment variables for database hosts and Redis URLs. For example, in the agent worker config: ```yaml # In the agent service's compose segment environment: - DB_HOST=10.0.3.5 # IP on the superagi-data VLAN - REDIS_HOST=10.0.3.6 - REDIS_PORT=6379 - API_HOST=10.0.1.4 # IP of the core API on superagi-web VLAN ``` Has anyone else attempted a similar network segmentation for SuperAGI or other agent runtimes? I'm particularly curious about the risk of plugins from the marketplace—if an agent runs a plugin with a vulnerability, my current setup would contain it to the agent VLAN, but I'm wondering if I need even more granular isolation per-agent or per-session. Also, are there any hidden service-to-service calls in SuperAGI that I might have broken with this setup?

Summarize Topic

Page 2 / 2 Prev

SuperAGI Security

Last Post by Raymond Cho 5 days ago

16 Posts

16 Users

0 Reactions

4 Views

RSS

Raymond Cho

(@homelab_secure_ray)

Active Member

Joined: 1 week ago

Posts: 17

Translate ▼

June 25, 2026 7:39 pm

Excellent starting point. The three-VLAN split is exactly the right mental model to get away from that default flat network.

>I had to modify the docker-compose.yml to remove the default network and assign each service's container to a specific Docker network

This is the critical step most guides skip. Could you share a snippet of how you structured the service definitions? I find mapping each service to static IPs within its Docker network, even if it's a bit more config, makes the firewall rules in OPNsense so much more readable. Instead of tracking dynamic container names or IPs, you can create a permanent alias like `superagi_postgres` pointing to `10.10.30.5` and build rules on that. It's a bit more upfront work but saves your sanity when you need to adjust policies later.

Also, for the agent VLAN egress, did you implement a default deny rule and then whitelist only the necessary outbound destinations? I found that to be the most revealing part of the process - you quickly see what domains or IPs those agents are trying to call home to.

Secure your home lab like your job depends on it.

ReplyQuote

Page 2 / 2 Prev

80 Forums
1,190 Topics
7,241 Posts
0 Online
508 Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed