Ports for communication between components
As discussed in Review the firewall rules, there are ports required for connections between components. The following summarizes the ports that must be open for inbound communication to manage privileged access services.
Connector to Active Directory ports (inbound)

Service | Port | Notes |
---|---|---|
Global Catalog | 3268 | |
LDAP | 389 | |
Kerberos | 88 | |
Kerberos Password | 464 | |
SMB/CIFS | 445 | For password management |
Time Service | 123 | |
RPC Endpoint Mapper | 135 | Allows the connector to join an Active Directory domain |
RPC Endpoint (TCP Dynamic) | 49152-65535 | |
Server to the connector (inbound)

The server (sometimes referred to as the cloud or application server) handles routing of requests and starting the processes used for management operations.

Service | Port |
---|---|
HTTPS (default) | 443 |
DirectTCP | 30001 |
Ports on the target Windows server (inbound)

Service | Port | Notes |
---|---|---|
RDP | 3389 | |
RPC Endpoint Mapper | 135 | |
RPC Endpoint (TCP Dynamic) | 49152-65535 | |
SMB/CIFS | 445 | Discovery, connectivity testing, and password management mode |
WinRM over HTTP | 5985 | Discovery, connectivity testing, and password management mode |
WinRM over HTTPS | 5986 | Discovery, connectivity testing, and password management mode |
RPC over TCP | | Discovery, connectivity testing, and password management mode |
Ports on the connector for the target Windows server (inbound)

Service | Port | Notes |
---|---|---|
RDP | 3389 | |
RPC Endpoint Mapper | 135 | |
RDP (native) | 5555 (TCP) | Connector (inbound), for native RDP |
Ports on the target Linux server (inbound)

Service | Port |
---|---|
SSH | 22 |
HTTPS | 443 |
Ports on the connector for the Linux server (inbound)

Service | Port |
---|---|
API Proxy (HTTP proxy) | 8080 |
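As an added example (not part of the original documentation), the following Python script encodes the inbound port tables above and reports which required ports a firewall allow-list fails to cover, collapsing a missing dynamic RPC range into one entry. The role names and the comma-separated allow-list format are assumptions of this example.

```python
from typing import Dict, List, Tuple, Union

PortSpec = Union[int, Tuple[int, int]]

# Inbound requirements from the tables above. A tuple is an inclusive range
# (the RPC dynamic range). "RPC over TCP" has no fixed port on the page and is
# therefore not listed. Role names are this example's own (assumed).
REQUIRED_INBOUND: Dict[str, List[PortSpec]] = {
    "connector_from_ad": [3268, 389, 88, 464, 445, 123, 135, (49152, 65535)],
    "connector_from_server": [443, 30001],
    "windows_target": [3389, 135, (49152, 65535), 445, 5985, 5986],
    "connector_from_windows_target": [3389, 135, 5555],
    "linux_target": [22, 443],
    "connector_from_linux_target": [8080],
}


def expand(spec: PortSpec) -> set:
    """Set of individual ports a spec covers."""
    if isinstance(spec, tuple):
        return set(range(spec[0], spec[1] + 1))
    return {spec}


def parse_allow_list(text: str) -> set:
    """Parse an allow-list such as '22,443,49152-65535' (constructed format)."""
    allowed = set()
    for item in filter(None, (s.strip() for s in text.split(","))):
        if "-" in item:
            lo, hi = (int(x) for x in item.split("-", 1))
            allowed |= expand((lo, hi))
        else:
            allowed.add(int(item))
    return allowed


def missing_ports(role: str, allow_text: str) -> List[PortSpec]:
    """Required inbound ports for `role` not in the allow-list; gaps collapse to (lo, hi)."""
    required = set().union(*(expand(s) for s in REQUIRED_INBOUND[role]))
    runs: List[List[int]] = []
    for port in sorted(required - parse_allow_list(allow_text)):
        if runs and runs[-1][1] == port - 1:
            runs[-1][1] = port  # extend the current contiguous gap
        else:
            runs.append([port, port])
    return [(lo, hi) if lo != hi else lo for lo, hi in runs]
```

For example, `missing_ports("windows_target", "3389,135,445,5985")` reports that WinRM over HTTPS and the whole dynamic RPC range are still blocked.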
PAS firewall rules and domain settings for external integrations
When PAS interacts with an external system, there may be additional port requirements.

Note: Outbound port 443 is very likely to be required, possibly along with other ports, including inbound ports.

Example port recommendations:

Example | Port Recommendations | Protocol |
---|---|---|
Partner federation / External IDP | Outbound / Inbound 443 for the external IDP | HTTPS |
SAML app | Outbound / Inbound 443 for the application | HTTPS |
Customer SMTP server | Port 22 | HTTPS |