Skip to main content
Skip table of contents

Standard Port Requirement for Installation

This section lists the ports to be used by Sectona Privileged Access Management components. Actual port usage may vary based on your architecture and the ports configured. Refer to the sections below for function-wise port requirements:


Internal Communication

The following are the ports used by the system for internal communication within components.

Destination→

Source
↓

Vault Storage Host

Sectona
Web
Access

Jump
Host

Session Proxy Host

Satellite Vault

Server Privilege Control1

HA
Sectona Vault

Remote Sectona Vault

SSH Direct Proxy (SSHD)

RDPD Proxy

Sectona
Vault
WCP

Sectona
Vault
API
Extension

Sectona
PA Host

Vault Storage Host


-

-

-

-

-

Replication (3307)

Replication (3307)

-

-

-

-

-

Sectona Web Access

External Database (1433)

Embedded Database (5389)


RDP (3389)

Management (4389)

Asset API (10389)

HTTPS (443)

-

Embedded Database (5389)

Embedded Database (5389)

-

-

-

-

Management (7389)

Jump Host

-

HTTPS (443)

Local (4389)

Session Proxy (22)

RDPD Proxy (23389)

Session Proxy Web (1080)

-

-

-

-

-

-

-

-

-

Session Proxy Host

-

-

-

Session Proxy (22)

Session Proxy Web (1080)

RDPD Proxy (23389)

Local (22390)

-

-

-

-

-

-

-

-

-

Satellite Vault

-

-

-

-

-

-

-

-

-

-

-

-

-

Server Privilege Control1

-

HTTPS (443)

-

-

-

Local (8389)

-

-

-

-

-

-

-

HA Sectona Vault

Replication (3307)

-

-

-

-

-

Local (3307)

-

-

-

-

-

-

Remote Sectona Vault

Replication (3307)

-

-

-

-

-

-

Local (3307)

-

-

-

-

-

SSH Direct (SSHD) Proxy

-

-

-

-

-

-

-

-

SSHD Proxy (22022)

-

-

-

-

RDPD Proxy

-

HTTPS (443)

-

-

-

-

-

-

-

RDPD Proxy (23389) 

Local (22390)

-

-

-

Sectona WCP

-

HTTPS (443)

-

-

-

-

-

-

-

-

-

-

-

Sectona Vault API Extension

-

HTTPS (443)

-

-

-

-

-

-

-

-

-

Local (6389)

-

Sectona PA Host

-

HTTPS (443)

-

-

-

-

-

-

-

-

-

-

Local (3380)

Note:

  • 1 In case of an internal host-based firewall port (8389) to be allowed on/ from the same host

  • All ports are TCP based

Ports for Password & Key Management

The following are the ports used by the system for password changes and key management. These ports should be open from Sectona Web Access component(s).

Asset Category 

Asset Type

Port

Operating System





Windows Server 2003

WMI

Windows Server 2008

WMI

Windows Server 2012

WMI

Windows Server 2016

WMI

Apple MAC OS

22

Windows Vista

WMI

Windows 8

WMI

Windows 10

WMI

Solaris

22

AIX

22

Ubuntu

22

RHEL

22

HP-UX

22

Debain

22

VMWare ESX

22

VMWare ESXi

22

Microsoft Hyper-V

135, 445 and Windows high ports

Databases

MSQL 2000

1433

MSQL 2012

1433

MSQL 2014

1433

MSQL 2016

1433

DB2 on Windows

135, 445 and Windows high ports

DB2 on Unix

22

MYSQL

3306

MariaDB

3306

Oracle 11g

1521

Oracle 9i

1521

Oracle 10g

1521

Sybase

5000

Network Devices

Checkpoint

22

Cisco IOS

22

Fortigate

22

F5

22

Juniper

22

HP ProCurve

22

Palo Alto

22

Riverbed

22

Directory Services

Active Directory

389

Open LDAP

389

Azure AD

443

Mainframes

AS/400

449, 8476

OS/390

22

Cloud Apps

AWS

443

Account Discovery on Target Devices

The following ports are used by the system for the discovery of accounts on target devices. These ports should be open from Sectona Web Access.

Asset Category 

Asset Type

Port

Operating System





Windows Server 2003

WMI

Windows Server 2008

WMI

Windows Server 2012

WMI

Windows Server 2016

WMI

Windows dependencies

  • IIS Pool

  • Services

  • Task

135, 445 and Windows high ports

Apple MAC OS

22

Windows Vista

WMI

Windows 8

WMI

Windows 10

WMI

Solaris

22

AIX

22

Ubuntu

22

RHEL

22

HP-UX

22

CentOS

22

Databases

Microsoft SQL 2000

1433

Microsoft SQL 2012

1433

Microsoft SQL 2014

1433

Microsoft SQL 2016

1433

MYSQL All Version

3306

Oracle 11g

1521

Oracle 9i

1521

Oracle 10g

1521

Directory Services

Active Directory

389

Ports required for Asset & Resource Discovery

The following is the list of ports used by the system for asset discovery. These ports should be communicable from Sectona Web Access.

Scan Type

Destination

Port

Active Directory Scan

Active Directory

389

Network Scan

Windows

3389

Network Scan

Unix

22

VMWare Scan

VMWare vCentre

443

Azure Resource Scan1

Microsoft Azure Cloud

443

AWS Resource Scan2

AWS Cloud

443

Note:

  • 1, 2 For Azure and AWS resource scan you may require an internet proxy port to be communicable from Sectona Web Access

  • All ports are TCP based

External communication

Source

Destination

Port No.

Purpose

Sectona Web Access

Active Directory

LDAP (TCP 389)

LDAPS (TCP 636)

Authentication

Sectona Web Access

Google Authenticator

HTTPS (TCP 443)

Multi-factor Authentication

Sectona Web Access

Okta

HTTPS (TCP 443)

Multi-factor Authentication 

Sectona Web Access

Duo

HTTPS (TCP 443)

Multi-factor Authentication

Sectona Web Access

OneLogin

HTTPS (TCP 443)

Multi-factor Authentication

Sectona Web Access

RSA SecurID

RADIUS (UDP 1812)

Multi-factor Authentication

Sectona Web Access

Vasco

RADIUS (UDP 1812)

Multi-factor Authentication

Sectona Web Access

Google Firebase

HTTPS (TCP 443)

Multi-factor Authentication (Push) & Notification - Sectona Mobile App

Sectona Web Access

SMS Gateway Server

HTTPS (TCP 443)

Multi-factor Authentication

Sectona Web Access

SMTP Server

SMTP (TCP 25)

Email

Sectona Web Access

Syslog Server

SYSLOG (UDP 514)

Log forwarding

Sectona Web Access

Internet Proxy Server

PROXY (TCP 8080)

Communication / Network proxy

Sectona Web Access

Jira Service Desk Cloud

HTTPS (TCP 443)

Service Desk

Sectona Web Access

Jira Service Desk Server

HTTPS (TCP 443)

Service Desk

Sectona Web Access

ServiceNow

HTTPS (TCP 443)

Service Desk

End user communication

The following ports are required for the end user communication from the source to destination.

Access Type

Source

Destination

Port

Browser based access

End User Machine 

Sectona Web Access

443

Sectona Client  

End User Machine

Sectona Proxy 

22, 1080, 23389, 22022(Optional)

Sectona Web Access

443

Browser with Launcher

End User Machine

Sectona Proxy

22, 1080, 23389, 22022(Optional)

Sectona Web Access

443

RDP Direct

End User Machine

Sectona Web Access

443

Sectona Jump Host

3389

Note:

  • All ports are TCP based

WMI ports

The following WMI ports are required during windows local account discovery and password change

Source

Destination

TCP Port

Description

Sectona Web Access

Windows Server/ Workstation

445

NetBIOS

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.