

Port Specification
If your configuration has a firewall between the CA SiteMinder® Federation Standalone Windows Agent and the domain controller, the following static ports must be opened to allow communication:
- Microsoft-DS traffic (445/tcp, 445/udp)
- Lightweight Directory Access Protocol (LDAP) ping (389/udp)
- Domain Name System (DNS) (53/tcp, 53/udp)
- Kerberos authentication protocol (88/tcp, 88/udp)
- NetBIOS Datagram Service (138/tcp, 138/udp)
- NetBIOS-ns Service (137/tcp, 137/udp)
- epmap (135/tcp, 135/udp)
In addition, the following Local Security Authority (LSA) ports are dynamic and must be made static by modifying registry entries:
- Local Security Authority Service (NTDS) (1025/tcp, 1025/udp): configurable port required for NTLM
- Local Security Authority Service (Netlogon) (1026/tcp, 1026/udp): configurable port required for Kerberos
Visit the following site for information about the LSA ports:
http://support.microsoft.com/kb/224196/
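
One way to pin the two LSA ports listed above on the domain controller, shown as an added example that is not part of the CA documentation. Assumptions: the registry value names `TCP/IP Port` and `DCTcpipPort` are taken from the Microsoft article linked above rather than from this page, PowerShell 5.1 is available, Windows Firewall is in use on the domain controller, and `192.0.2.10` is a placeholder for the agent host's address.

```powershell
#Requires -RunAsAdministrator
# Added example: run on the domain controller. Port numbers are the ones this
# page lists; registry value names come from Microsoft KB 224196 (assumption).
$AgentAddress = '192.0.2.10'   # placeholder: address of the Federation Agent host

$pins = @(
    @{ Key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Value = 'TCP/IP Port'; Port = 1025 },
    @{ Key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
       Value = 'DCTcpipPort'; Port = 1026 }
)
$lsassId = (Get-Process -Name lsass).Id

foreach ($p in $pins) {
    if (-not (Test-Path $p.Key)) { throw "$($p.Key) not found on this host" }

    # Refuse to pin a port that a process other than LSA is already listening on.
    $conflict = Get-NetTCPConnection -State Listen -LocalPort $p.Port -ErrorAction SilentlyContinue |
        Where-Object { $_.OwningProcess -ne $lsassId }
    if ($conflict) {
        throw "Port $($p.Port) is in use by PID $($conflict[0].OwningProcess)"
    }

    # Write the static port as a DWORD, then read it back to confirm.
    New-ItemProperty -Path $p.Key -Name $p.Value -PropertyType DWord `
        -Value $p.Port -Force | Out-Null
    $actual = Get-ItemPropertyValue -Path $p.Key -Name $p.Value
    if ($actual -ne $p.Port) { throw "$($p.Value) reads $actual, expected $($p.Port)" }
    Write-Host "$($p.Value) = $actual"
}

# Allow the pinned ports inbound from the agent host only, not from any source.
foreach ($proto in 'TCP', 'UDP') {
    $name = "Federation Agent LSA ports ($proto)"   # hypothetical rule name
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
            -Protocol $proto -LocalPort 1025, 1026 -RemoteAddress $AgentAddress | Out-Null
    }
}

Write-Warning 'Restart the Netlogon service and reboot the domain controller for the new ports to take effect.'
```

After the restart, `Get-NetTCPConnection -State Listen -LocalPort 1025,1026` on the domain controller should show both ports owned by the LSA process.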
Copyright © 2013 CA.
All rights reserved.
 