Port Specification

Federation Manager Agent for Windows Authentication Guide › Installation Prerequisites › Port Specification

Port Specification

If your configuration has a firewall between the Federation Manager Windows Agent and the domain controller, the following static ports must be opened to allow communication:

Microsoft-DS traffic (445/tcp, 445/udp)
Lightweight Directory Access Protocol (LDAP) ping (389/udp)
Domain Name System (DNS) (53/tcp, 53/udp)
Kerberos authentication protocol (88/tcp, 88/udp)
NetBIOS datagram Service (138/tcp, 138/udp)
NetBIOS-ns Service (137/tcp, 137/udp)
epmap (135/tcp, 135/udp)

In addition, the following Local Security Authority (LSA) ports are dynamic and must be made static by modifying registry entries:

Local Security Authority Service(NTDS) (1025/tcp, 1025/udp):: Configurable Port required for NTLM
Local Security Authority Service(NetLogin) (1026/tcp, 1026/udp):: Configurable Port required for Kerberos

Visit the following site for information about the LSA ports:

http://support.microsoft.com/kb/224196/

Email CA Technologies about this topic