Standard Port Requirement for Installation

This section lists the ports to be used by Sectona components. Actual port usage may vary based on your architecture and the ports configured. Refer to the sections below for function-wise port requirements:

Internal Communication

The following are the ports used by the system for internal communication within components. Also note, if a version is not specified then that port suports all versions of that component.

Destination→ Source ↓	Vault Storage Host	Sectona Web Access	Jump Host	Session Proxy Host	Satellite Vault	Server Privilege Control¹	HA Sectona Vault	Remote Sectona Vault	SSH Direct Proxy (SSHD)	RDPD Proxy	Sectona Vault WCP	Sectona Vault API Extension	Sectona PA Host	Application Proxy Host	Sectona Windows Monitoring Agent
Vault Storage Host		-	-	-	-	-	Replication (3307)	Replication (3307)	-	-	-	-	-	-	-
Sectona Web Access	External Database (1433) Embedded Database (5389)		RDP (3389) Management (4389)	Asset API (10389)	HTTPS (443)	-	Embedded Database (5389)	Embedded Database (5389)	-	-	-	-	Management (7389)	-	-
Jump Host	-	HTTPS (443)	Local (4389)	Session Proxy (22) RDPD Proxy (23389) Session Proxy Web (1080)	-	-	-	-	-	-	-	-	-	-	-
Session Proxy Host	-	-	-	Session Proxy (22) Session Proxy Web (1080) RDPD Proxy (23389) Local (22390)	-	-	-	-	-	-	-	-	-	-	-
Satellite Vault	-	-	-	-	-	-	-	-	-	-	-	-	-	-	-
Server Privilege Control¹	-	HTTPS (443)	-	-	-	Local (8389)	-	-	-	-	-	-	-	-	-
HA Sectona Vault	Replication (3307)	-	-	-	-	-	Local (3307)	-	-	-	-	-	-	-	-
Remote Sectona Vault	Replication (3307)	-	-	-	-	-	-	Local (3307)	-	-	-	-	-	-	-
SSH Direct (SSHD) Proxy	-	-	-	-	-	-	-	-	SSHD Proxy (22022)	-	-	-	-	-	-
RDPD Proxy	-	HTTPS (443)	-	-	-	-	-	-	-	RDPD Proxy (23389) Local (22390)	-	-	-	-	-
Sectona WCP	-	HTTPS (443)	-	-	-	-	-	-	-	-	-	-	-	-	-
Sectona Vault API Extension	-	HTTPS (443)	-	-	-	-	-	-	-	-	-	Local (6389)	-	-	-
Sectona PA Host	-	HTTPS (443)	-	-	-	-	-	-	-	-	-	-	Local (3380)	-	-
Application Proxy Host	-	HTTPS (443)	-	-	-	-	-	-	-	-	-	-	-	-	-
Sectona Windows Monitoring Agent	-	HTTPS (443)	-	-		-	-	-	-	-	-	-	-	-	-
Note:	¹ In case of an internal host-based firewall port (8389) to be allowed on/ from the same host All ports are TCP based

Ports for Password & Key Management

The following are the ports used by the system for password changes and key management. These ports should be open from Sectona Web Access component(s).

Asset Category	Asset Type	Port
Operating System	Windows Server	WMI
	Apple MAC OS	22
	Solaris	22
	AIX	22
	Ubuntu	22
	RHEL	22
	HP-UX	22
	Debain	22
	VMWare	22
	Microsoft Hyper-V	135, 445 and Windows high ports
Databases	MSQL	1433
	DB2 on Windows	135, 445 and Windows high ports
	DB2 on Unix	22
	MYSQL	3306
	MariaDB	3306
	Oracle	1521
	Sybase	5000
Network Devices	Checkpoint	22
	Cisco IOS	22
	Fortigate	22
	F5	22
	Juniper	22
	HP ProCurve	22
	Palo Alto	22
	Riverbed	22
Directory Services	Active Directory	389
	Open LDAP	389
	Azure AD	443
Mainframes	AS/400	449, 8476
Mainframes	OS/390	22
Cloud Apps	AWS/Google Cloud/Azure	443

Account Discovery on Target Devices

The following ports are used by the system for the discovery of accounts on target devices. These ports should be open from Sectona Web Access.

Asset Category	Asset Type	Port
Operating System	Windows Server	WMI
	Windows dependencies IIS Pool Services Task	135, 445 and Windows high ports
	Apple MAC OS	22
	Solaris	22
	AIX	22
	Ubuntu	22
	RHEL	22
	HP-UX	22
	CentOS	22
Databases	Microsoft SQL	1433
	MYSQL	3306
	Oracle	1521
Directory Services	Active Directory	389

Ports required for Asset & Resource Discovery

The following is the list of ports used by the system for asset discovery. These ports should be communicable from Sectona Web Access.

Scan Type	Destination	Port
Active Directory Scan	Active Directory	389
Network Scan	Windows	3389
Network Scan	Unix	22
VMWare Scan	VMWare vCentre	443
Azure Resource Scan¹	Microsoft Azure Cloud	443
AWS Resource Scan²	AWS Cloud	443

Note:

^{1, 2} For Azure and AWS resource scan you may require an internet proxy port to be communicable from Sectona Web Access
All ports are TCP based

External communication for Sectona Web Access

Destination	Port No.	Purpose
Active Directory	LDAP (TCP 389) LDAPS (TCP 636)	Authentication
Google Authenticator	HTTPS (TCP 443)	Multi-factor Authentication
Okta	HTTPS (TCP 443)	Multi-factor Authentication
Duo	HTTPS (TCP 443)	Multi-factor Authentication
OneLogin	HTTPS (TCP 443)	Multi-factor Authentication
RSA SecurID	RADIUS (UDP 1812)	Multi-factor Authentication
Vasco	RADIUS (UDP 1812)	Multi-factor Authentication
Google Firebase	HTTPS (TCP 443)	Multi-factor Authentication (Push) & Notification - Sectona Mobile App
SMS Gateway Server	HTTPS (TCP 443)	Multi-factor Authentication
SMTP Server	SMTP (TCP 25)	Email
Syslog Server	SYSLOG (UDP 514)	Log forwarding
Internet Proxy Server	PROXY (TCP 8080)	Communication / Network proxy
Jira Service Desk Cloud	HTTPS (TCP 443)	Service Desk
Jira Service Desk Server	HTTPS (TCP 443)	Service Desk
ServiceNow	HTTPS (TCP 443)	Service Desk

End user communication

The following ports are required for the end user communication from the source to destination.

Access Type	Source	Destination	Port
Browser based access	End User Machine	Sectona Web Access	443
Sectona Client	End User Machine	Sectona Proxy	22, 1080, 23389, 22022(Optional)
Sectona Client	End User Machine	Sectona Web Access	443
Browser with Launcher	End User Machine	Sectona Proxy	22, 1080, 23389, 22022(Optional)
Browser with Launcher	End User Machine	Sectona Web Access	443
RDP Direct	End User Machine	Sectona Web Access	443
RDP Direct	End User Machine	Sectona Jump Host	3389

Note:

All ports are TCP based

WMI ports

The following WMI ports are required during windows local account discovery and password change

Source	Destination	TCP Port	Description
Sectona Web Access	Windows Server/ Workstation	445,135,139,445, 49152-65534	NetBIOS
Sectona Web Access	Any SSH based target server/Device	22