Standard Port Requirement for Installation
This section lists the ports to be used by Sectona Privileged Access Management components. Actual port usage may vary based on your architecture and the ports configured. Refer to the sections below for function-wise port requirements:
Internal Communication
The following ports are used by the system for internal communication between components.
Destination→ Source | Vault Storage Host | Sectona | Jump | Session Proxy Host | Satellite Vault | Server Privilege Control1 | HA | Remote Sectona Vault | SSH Direct Proxy (SSHD) | RDPD Proxy | Sectona | Sectona | Sectona |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Vault Storage Host | - | - | - | - | - | Replication (3307) | Replication (3307) | - | - | - | - | - | |
Sectona Web Access | External Database (1433) Embedded Database (5389) | RDP (3389) | Asset API (10389) | HTTPS (443) | - | Embedded Database (5389) | Embedded Database (5389) | - | - | - | - | Management (7389) | |
Jump Host | - | HTTPS (443) | Local (4389) | Session Proxy (22) RDPD Proxy (23389) Session Proxy Web (1080) | - | - | - | - | - | - | - | - | - |
Session Proxy Host | - | - | - | Session Proxy (22) Session Proxy Web (1080) RDPD Proxy (23389) Local (22390) | - | - | - | - | - | - | - | - | - |
Satellite Vault | - | - | - | - | - | - | - | - | - | - | - | - | - |
Server Privilege Control1 | - | HTTPS (443) | - | - | - | Local (8389) | - | - | - | - | - | - | - |
HA Sectona Vault | Replication (3307) | - | - | - | - | - | Local (3307) | - | - | - | - | - | - |
Remote Sectona Vault | Replication (3307) | - | - | - | - | - | - | Local (3307) | - | - | - | - | - |
SSH Direct (SSHD) Proxy | - | - | - | - | - | - | - | - | SSHD Proxy (22022) | - | - | - | - |
RDPD Proxy | - | HTTPS (443) | - | - | - | - | - | - | - | RDPD Proxy (23389) Local (22390) | - | - | - |
Sectona WCP | - | HTTPS (443) | - | - | - | - | - | - | - | - | - | - | - |
Sectona Vault API Extension | - | HTTPS (443) | - | - | - | - | - | - | - | - | - | Local (6389) | - |
Sectona PA Host | - | HTTPS (443) | - | - | - | - | - | - | - | - | - | - | Local (3380) |
Ports for Password & Key Management
The following are the ports used by the system for password changes and key management. These ports should be open from Sectona Web Access component(s).
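Asset Category | Asset Type | Port |
---|---|---|
Operating System | Windows Server 2003 | |
Operating System | Windows Server 2008 | WMI |
Operating System | Windows Server 2012 | |
Operating System | Windows Server 2016 | |
Operating System | Apple MAC OS | 22 |
Operating System | Windows Vista | |
Operating System | Windows 8 | |
Operating System | Windows 10 | |
Operating System | Solaris | 22 |
Operating System | AIX | 22 |
Operating System | Ubuntu | 22 |
Operating System | RHEL | 22 |
Operating System | HP-UX | 22 |
Operating System | Debian | 22 |
Operating System | VMWare ESX | 22 |
Operating System | VMWare ESXi | 22 |
Operating System | Microsoft Hyper-V | 135, 445 and Windows high ports |
Databases | MSSQL 2000 | 1433 |
Databases | MSSQL 2012 | 1433 |
Databases | MSSQL 2014 | 1433 |
Databases | MSSQL 2016 | 1433 |
Databases | DB2 on Windows | 135, 445 and Windows high ports |
Databases | DB2 on Unix | 22 |
Databases | MYSQL | 3306 |
Databases | MariaDB | 3306 |
Databases | Oracle 11g | 1521 |
Databases | Oracle 9i | 1521 |
Databases | Oracle 10g | 1521 |
Databases | Sybase | 5000 |
Network Devices | Checkpoint | 22 |
Network Devices | Cisco IOS | 22 |
Network Devices | Fortigate | 22 |
Network Devices | F5 | 22 |
Network Devices | Juniper | 22 |
Network Devices | HP ProCurve | 22 |
Network Devices | Palo Alto | 22 |
Network Devices | Riverbed | 22 |
Directory Services | Active Directory | 389 |
Directory Services | Open LDAP | 389 |
Directory Services | Azure AD | 443 |
Mainframes | AS/400 | 449, 8476 |
Mainframes | OS/390 | 22 |
Cloud Apps | AWS | 443 |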
Account Discovery on Target Devices
The following ports are used by the system for the discovery of accounts on target devices. These ports should be open from Sectona Web Access.
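Asset Category | Asset Type | Port |
---|---|---|
Operating System | Windows Server 2003 | |
Operating System | Windows Server 2008 | |
Operating System | Windows Server 2012 | |
Operating System | Windows Server 2016 | |
Operating System | Windows dependencies | 135, 445 and Windows high ports |
Operating System | Apple MAC OS | 22 |
Operating System | Windows Vista | |
Operating System | Windows 8 | |
Operating System | Windows 10 | |
Operating System | Solaris | 22 |
Operating System | AIX | 22 |
Operating System | Ubuntu | 22 |
Operating System | RHEL | 22 |
Operating System | HP-UX | 22 |
Operating System | CentOS | 22 |
Databases | Microsoft SQL 2000 | 1433 |
Databases | Microsoft SQL 2012 | 1433 |
Databases | Microsoft SQL 2014 | 1433 |
Databases | Microsoft SQL 2016 | 1433 |
Databases | MYSQL All Version | 3306 |
Databases | Oracle 11g | 1521 |
Databases | Oracle 9i | 1521 |
Databases | Oracle 10g | 1521 |
Directory Services | Active Directory | 389 |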
Ports required for Asset & Resource Discovery
The following ports are used by the system for asset discovery. These ports should be reachable from Sectona Web Access.
Scan Type | Destination | Port |
---|---|---|
Active Directory Scan | Active Directory | 389 |
Network Scan | Windows | 3389 |
Network Scan | Unix | 22 |
VMWare Scan | VMWare vCentre | 443 |
Azure Resource Scan¹ | Microsoft Azure Cloud | 443 |
AWS Resource Scan² | AWS Cloud | 443 |
Note:
¹ ² For Azure and AWS resource scans, an internet proxy port may need to be reachable from Sectona Web Access.
All ports are TCP based.
External communication
Source | Destination | Port No. | Purpose |
---|---|---|---|
Sectona Web Access | Active Directory | LDAP (TCP 389) LDAPS (TCP 636) | Authentication |
Sectona Web Access | Google Authenticator | HTTPS (TCP 443) | Multi-factor Authentication |
Sectona Web Access | Okta | HTTPS (TCP 443) | Multi-factor Authentication |
Sectona Web Access | Duo | HTTPS (TCP 443) | Multi-factor Authentication |
Sectona Web Access | OneLogin | HTTPS (TCP 443) | Multi-factor Authentication |
Sectona Web Access | RSA SecurID | RADIUS (UDP 1812) | Multi-factor Authentication |
Sectona Web Access | Vasco | RADIUS (UDP 1812) | Multi-factor Authentication |
Sectona Web Access | Google Firebase | HTTPS (TCP 443) | Multi-factor Authentication (Push) & Notification - Sectona Mobile App |
Sectona Web Access | SMS Gateway Server | HTTPS (TCP 443) | Multi-factor Authentication |
Sectona Web Access | SMTP Server | SMTP (TCP 25) | |
Sectona Web Access | Syslog Server | SYSLOG (UDP 514) | Log forwarding |
Sectona Web Access | Internet Proxy Server | PROXY (TCP 8080) | Communication / Network proxy |
Sectona Web Access | Jira Service Desk Cloud | HTTPS (TCP 443) | Service Desk |
Sectona Web Access | Jira Service Desk Server | HTTPS (TCP 443) | Service Desk |
Sectona Web Access | ServiceNow | HTTPS (TCP 443) | Service Desk |
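An added example (not Sectona's code): a least-privilege audit of egress firewall rules from Sectona Web Access against the External communication table above, which catches both missing flows (such as RADIUS opened on TCP instead of UDP) and rules wider than the table requires. The `Rule` format, the `audit` function and `SAMPLE_RULES` are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    dst: str    # destination label, as in the table's Destination column
    proto: str  # "tcp" or "udp"
    lo: int     # first port of the allowed range
    hi: int     # last port of the allowed range

# Required flows, copied from the External communication table.
HTTPS_DESTS = ["Google Authenticator", "Okta", "Duo", "OneLogin",
               "Google Firebase", "SMS Gateway Server",
               "Jira Service Desk Cloud", "Jira Service Desk Server",
               "ServiceNow"]
REQUIRED = {(d, "tcp", 443) for d in HTTPS_DESTS} | {
    ("Active Directory", "tcp", 389), ("Active Directory", "tcp", 636),
    ("RSA SecurID", "udp", 1812), ("Vasco", "udp", 1812),
    ("SMTP Server", "tcp", 25), ("Syslog Server", "udp", 514),
    ("Internet Proxy Server", "tcp", 8080),
}

def covers(rule, flow):
    dst, proto, port = flow
    return rule.dst == dst and rule.proto == proto and rule.lo <= port <= rule.hi

def audit(rules):
    """Return (missing required flows, [(rule, count of unjustified ports)])."""
    missing = sorted(f for f in REQUIRED if not any(covers(r, f) for r in rules))
    too_broad = []
    for r in rules:
        needed = {f[2] for f in REQUIRED if covers(r, f)}
        extra = (r.hi - r.lo + 1) - len(needed)
        if extra > 0:
            too_broad.append((r, extra))
    return missing, too_broad

# Constructed sample rule set, not taken from any real deployment.
SAMPLE_RULES = [Rule(d, "tcp", 443, 443) for d in HTTPS_DESTS if d != "Okta"] + [
    Rule("Okta", "tcp", 1, 65535),             # any-port rule
    Rule("Active Directory", "tcp", 389, 636), # range instead of two ports
    Rule("RSA SecurID", "tcp", 1812, 1812),    # RADIUS is UDP in the table
    Rule("Vasco", "udp", 1812, 1812),
    Rule("SMTP Server", "tcp", 25, 25),
    Rule("Syslog Server", "udp", 514, 514),
    Rule("Internet Proxy Server", "tcp", 8080, 8080),
]

if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE_RULES)
    for flow in missing:
        print("MISSING ", flow)
    for rule, extra in too_broad:
        print("TOO WIDE", rule, f"({extra} ports not in the table)")
```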
End user communication
The following ports are required for end-user communication from the source to the destination.
Access Type | Source | Destination | Port |
---|---|---|---|
Browser based access | End User Machine | Sectona Web Access | 443 |
Sectona Client | End User Machine | Sectona Proxy | 22, 1080, 23389, 22022 (Optional) |
Sectona Client | End User Machine | Sectona Web Access | 443 |
Browser with Launcher | End User Machine | Sectona Proxy | 22, 1080, 23389, 22022 (Optional) |
Browser with Launcher | End User Machine | Sectona Web Access | 443 |
RDP Direct | End User Machine | Sectona Web Access | 443 |
RDP Direct | End User Machine | Sectona Jump Host | 3389 |
Note:
All ports are TCP based
WMI ports
The following WMI ports are required during Windows local account discovery and password change.
Source | Destination | TCP Port | Description |
---|---|---|---|
Sectona Web Access | Windows Server/ Workstation | 445 | NetBIOS |