Ports for communication between components

As discussed in Review the firewall rules, specific ports must be open for connections between components. The following lists the ports that must be open for inbound communication to manage privileged access services. The RPC dynamic range shown below (49152-65535) is the Windows default; it can be changed per host, so confirm the range on the actual servers (for example with netsh int ipv4 show dynamicport tcp) before writing firewall rules.

Connector to Active Directory ports (inbound on the domain controllers)

Global Catalog: 3268

LDAP: 389

Kerberos: 88

Kerberos Password: 464

SMB/CIFS: 445 for password management

Time Service: 123 (UDP)

RPC Endpoint Mapper: 135 (allows the connector to join an Active Directory domain)

RPC Endpoint (TCP Dynamic): 49152-65535 (the endpoint mapper on 135 refers the connector to a port in this range, so both must be open)

Server to the connector (inbound)

The server, sometimes referred to as the cloud or application server, handles routing of requests and starts the processes used for management operations.

HTTPS: 443 (default)

DirectTCP: 30001

Ports on the target Windows server (inbound)

RDP: 3389

RPC Endpoint Mapper: 135

RPC Endpoint (TCP Dynamic): 49152-65535

Ports for discovery, testing connectivity, and password management mode

SMB/CIFS: 445

WinRM over HTTP: 5985

WinRM over HTTPS: 5986

RPC over TCP: 135 plus a port in the dynamic range 49152-65535 (the same RPC ports listed above for the target Windows server)

Ports on the connector for the target Windows server (inbound)

RDP: 3389

RPC Endpoint Mapper: 135

Ports on the target Linux server (inbound)

SSH: 22

HTTPS: 443

Ports on the connector for the Linux server (inbound)

API Proxy (HTTP proxy): 8080
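The lists above are the input to a firewall review; the obvious next step is to verify from the connector that each fixed port actually answers before going live. The following pre-check script is an added example, not code from the original documentation or from the product: the PORT_MATRIX layout, the flow names, the placeholder hostnames (dc01.example.com and the others) and all function names are assumptions made for illustration. It probes only TCP ports; Time Service (123) is UDP and is reported rather than probed, and the dynamic RPC range is reported for a rule review rather than scanned port by port, because a closed dynamic port tells you nothing until the endpoint mapper has assigned it.

```python
"""Connectivity pre-check for the component port lists above.

Added example, not part of the original documentation or the product.
Hostnames, PORT_MATRIX and all function names are assumptions; edit HOSTS
in the main block to match your environment.
"""
import socket
from contextlib import contextmanager

DYNAMIC_RPC = (49152, 65535)  # documented Windows default dynamic range

# Fixed ports per flow, taken from the lists above. "tcp" entries are probed;
# "udp" entries are only reported (a TCP handshake says nothing about UDP).
PORT_MATRIX = {
    "connector->ad": {
        "tcp": {"Global Catalog": 3268, "LDAP": 389, "Kerberos": 88,
                "Kerberos Password": 464, "SMB/CIFS": 445,
                "RPC Endpoint Mapper": 135},
        "udp": {"Time Service": 123},
        "dynamic": DYNAMIC_RPC,
    },
    "server->connector": {
        "tcp": {"HTTPS": 443, "DirectTCP": 30001},
        "udp": {},
        "dynamic": None,
    },
    "connector->windows-target": {
        "tcp": {"RDP": 3389, "RPC Endpoint Mapper": 135, "SMB/CIFS": 445,
                "WinRM HTTP": 5985, "WinRM HTTPS": 5986},
        "udp": {},
        "dynamic": DYNAMIC_RPC,
    },
    "connector->linux-target": {
        "tcp": {"SSH": 22, "HTTPS": 443},
        "udp": {},
        "dynamic": None,
    },
}


def tcp_open(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, DNS failure
        return False


def check_ports(host, ports, timeout=2.0):
    """Probe a {name: port} mapping; returns {"open": {...}, "closed": {...}}."""
    result = {"open": {}, "closed": {}}
    for name, port in ports.items():
        bucket = "open" if tcp_open(host, port, timeout) else "closed"
        result[bucket][name] = port
    return result


def check_flow(flow, host, timeout=2.0):
    """Probe one flow's TCP ports; pass UDP and dynamic entries through."""
    spec = PORT_MATRIX[flow]
    result = check_ports(host, spec["tcp"], timeout)
    result["udp_not_probed"] = dict(spec["udp"])
    result["dynamic_range_to_review"] = spec["dynamic"]
    return result


def dynamic_range_ok(lo, hi):
    """True when a host's configured ephemeral range matches the documented one."""
    return (lo, hi) == DYNAMIC_RPC


@contextmanager
def local_listener():
    """Throwaway listener on 127.0.0.1 for offline self-testing; yields its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    try:
        yield srv.getsockname()[1]
    finally:
        srv.close()


def self_test():
    """Offline check of the probe: (listening port seen open, closed port seen closed)."""
    with local_listener() as port:
        while_open = check_ports("127.0.0.1", {"probe": port})
    after_close = tcp_open("127.0.0.1", port, timeout=1.0)
    return "probe" in while_open["open"], after_close


if __name__ == "__main__":
    # Placeholder hostnames (assumption); replace with the real targets.
    HOSTS = {"connector->ad": "dc01.example.com",
             "connector->windows-target": "win-target.example.com",
             "connector->linux-target": "linux-target.example.com"}
    for flow, host in HOSTS.items():
        r = check_flow(flow, host)
        print(f"{flow} ({host}): open={r['open']} closed={r['closed']} "
              f"udp_not_probed={r['udp_not_probed']} "
              f"dynamic_range_to_review={r['dynamic_range_to_review']}")
```

Run it on the connector host itself, since that is where the firewall path starts; a port reported closed can be a host firewall, a network firewall or a service that is not running, so pair a failure with a check on the target (netstat or Get-NetTCPConnection) before blaming the rule set.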