This section provides a list of communication ports that need to be open in the firewall for Active Roles to function properly.
If the environment managed by Active Roles is located behind a firewall, then the following ports must be open between the Active Roles Administration Service and managed environment.
For instance, if there is a firewall between Active Roles and DNS, then port 15172 must be open (Inbound/Outbound) on the Active Roles host (or the firewall between Active Roles and Exchange) and port 53 must be open on the DNS server (or the firewall between Active Roles and DNS).
Port 53 TCP/UDP Inbound/Outbound
Port 88 (Kerberos) TCP/UDP Inbound/Outbound
Port 135 (RPC endpoint mapper) TCP Inbound/Outbound
Port 139 (SMB/CIFS) TCP Inbound/Outbound
Port 445 (SMB/CIFS) TCP Inbound/Outbound
Port 389 (LDAP) TCP/UDP Outbound
Port 3268 (Global Catalog LDAP) TCP Outbound
Port 636 (LDAP SSL) TCP Outbound
This port is required if Active Roles is configured to access the domain by using SSL.
Port 3269 (Global Catalog LDAP SSL) TCP Outbound
This port is required if Active Roles is configured to access the domain by using SSL.
The TCP port allocated by RPC endpoint mapper for communication with the domain controller.
You can configure Active Directory domain controllers to use specific port numbers for RPC communication. For instructions, see How to restrict Active Directory RPC traffic to a specific port.
The following ports must be open for the notifications specific to SaaS-based operations to work. The Web Interface machine should be able to resolve Service machine name for notifications to work.
Port 7465 (HTTP) TCP Inbound/Outbound
Port 7466 (HTTPS) TCP Inbound/Outbound
Port 135 (RPC endpoint mapper) TCP Inbound/Outbound
The TCP port allocated by RPC endpoint mapper for communication with the Exchange server.
You can configure Exchange servers to use specific port numbers for RPC communication. For more information, contact Microsoft Support.
The following ports must be open for operations related to the WinRM service to work:
Port 5985 (HTTP) TCP Inbound/Outbound
Port 5986 (HTTPS) TCP Inbound/Outbound
Port 80 TCP Inbound/Outbound
Port 139 (SMB/CIFS on the managed computers) TCP Inbound/Outbound
Port 445 (SMB/CIFS on the managed computers) TCP Inbound/Outbound
Port 139 (SMB/CIFS on the managed computers) TCP Inbound/Outbound
Port 137 (WINS) UDP Outbound
Port 138 (NetBIOS datagrams) UDP Outbound
Port 139 (SMB/CIFS on the servers that host home folders) TCP Inbound/Outbound
Port 445 (SMB/CIFS on the servers that host home folders) TCP Inbound/Outbound
Port 25 (Default SMTP port) TCP Outbound
Active Roles uses SMTP port 25 by default. The default port number can be changed in the properties of the Mail Configuration object in the Active Roles Console. If Mail Configuration specifies a different port, open that port rather than port 25.
The TCP port specified when registering the AD LDS instance with Active Roles
You can set up a firewall between Active Roles client components, such as the Active Roles Console (also known as the MMC Interface), Web Interface, ADSI Provider or Management Shell, and the Active Roles Administration Service.
To access the Active Roles Administration Service with the Active Roles client components through a firewall, you must open port 15172 and the high ports (1024-65535) used with port 15172 in the firewall. Client machines randomly select a high port as the source of their outgoing traffic to port 15172 on the Active Roles Administration Service.
To give access to the Active Roles Administration Service through a firewall
In the firewall, open port 15172 TCP Inbound/Outbound.
NOTE: For more information about opening ports in your firewall, refer to the operating system's or the network device vendor's documentation.
In the firewall, open the high ports (port range 1024-65535) on port 15172.
NOTE: To check the list of high ports being used on port 15172, in the Active Roles Console of a client machine, use the netstat -an command.
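The following PowerShell script is an added example, not part of the One Identity documentation. It applies the procedure above with the built-in Windows firewall: on the Administration Service host it allows inbound TCP 15172 only from named client subnets, and on a client it tests reachability and lists the high ports in use toward 15172 (the same information the netstat -an note refers to). The subnet, host name and rule display name are assumed placeholder values.

```powershell
# Added example. Values marked "assumed" are placeholders, not taken from the page.
param(
    [Parameter(Mandatory)]
    [ValidateSet('ServiceHost', 'Client')]
    [string]   $Role,
    [int]      $ServicePort   = 15172,                  # Administration Service port (from the page)
    [string[]] $ClientSubnets = @('10.20.30.0/24'),     # assumed: subnets hosting Active Roles clients
    [string]   $ServiceHost   = 'ars01.example.test'    # assumed: Administration Service host name
)

switch ($Role) {
    'ServiceHost' {
        # Run elevated on the Administration Service host.
        # Inbound TCP 15172 is allowed from the client subnets only, not from any address.
        New-NetFirewallRule -DisplayName 'Active Roles Administration Service (assumed name)' `
            -Direction Inbound -Action Allow -Protocol TCP `
            -LocalPort $ServicePort -RemoteAddress $ClientSubnets -Profile Domain |
            Select-Object DisplayName, Direction, Action, Enabled
    }
    'Client' {
        # Run on a machine with the Console, Web Interface, ADSI Provider or Management Shell.
        # 1. Can this client open a TCP connection to port 15172 on the service host?
        $probe = Test-NetConnection -ComputerName $ServiceHost -Port $ServicePort `
                     -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target    = $ServiceHost
            Port      = $ServicePort
            Reachable = $probe.TcpTestSucceeded
        }

        # 2. Which local high ports are currently in use toward port 15172?
        #    This is the PowerShell counterpart of filtering "netstat -an" output.
        Get-NetTCPConnection -RemotePort $ServicePort -State Established `
                -ErrorAction SilentlyContinue |
            Sort-Object LocalPort |
            Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort
    }
}
```

If Reachable is False while the service is running, check the firewall rule scope and any network device between the client subnet and the service host before widening the allowed range.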
To access the Active Roles Web Interface through a firewall, open the following ports:
Port 80 (Default HTTP) TCP Inbound/Outbound
Port 443 (Default HTTPS) TCP Inbound/Outbound
The Web Interface normally runs over port 80, or over port 443 if SSL is enabled (off by default).
© 2024 One Identity LLC. ALL RIGHTS RESERVED.