This document outlines the network port configurations for secure and efficient communication between servers, clients, and SurePassID components. It includes settings for Windows Login Manager, RADIUS, DirSync, SPAS (MFA) and SMTP services.
1. General Configuration: Ensure all necessary ports are allowed through the firewall for server-client communication.
2. TCP Port 443 for Windows Login Manager: This port is essential for the normal operation of systems equipped with Windows Login Manager. It requires bidirectional communication between clients and the server. Make sure TCP Port 443 is open.
3. RADIUS - UDP Port 1812: The default port for RADIUS authentication is UDP Port 1812. This port should be open between the firewall/VPN system (client) and the Local Agent/RADIUS server.
4. DirSync - Ports 389 and 636: For synchronization with AD domain controllers, either port 389 TCP/UDP (plain LDAP, unencrypted) or port 636 TCP/UDP (LDAPS, TLS-encrypted) should be open, depending on your security preference. This is necessary for communication between the machine running DirSync and the AD domain controllers.
5. Testing/Initial Setup - Ping: Enable ICMP Ping to test connectivity during the initial setup phase. This should be allowed from the server running RADIUS to the RADIUS clients.
6. DMZ Configurations - TCP Port 443: For communication from DMZ proxies to MFA and/or ADFS servers inside the network, ensure that TCP Port 443 is open in the DMZ.
7. SMTP Configuration: For email communication from the MFA server, open the necessary SMTP port(s), typically TCP 25/465/587, depending on the protocols used. This is required for outbound communication from the MFA server to the SMTP server.
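After the firewall rules above are in place, a practitioner normally wants to verify from each source host that the required ports are actually reachable, rather than trusting the rule set alone. The following script is an added example, not part of this guide and not SurePassID's own tooling: it encodes the port list from items 2 to 7 as data and runs a TCP connect test for each TCP rule. Hostnames and the `targets` mapping are placeholders you supply; UDP (RADIUS 1812) and ICMP rules are reported as needing a manual check, because a TCP handshake cannot confirm them.

```python
"""Post-configuration reachability check for the SurePassID port list.

Added example (not from the original guide). Run it on the host that
originates each connection, e.g. the DirSync machine for the AD rules.
"""
import socket
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class PortRule:
    component: str   # key used in the targets mapping
    proto: str       # "tcp", "udp" or "icmp"
    port: Optional[int]
    direction: str   # human-readable source -> destination, as in the guide


# Port requirements as listed in this guide. Hosts are not included here;
# the caller supplies them in `targets`, keyed by component name.
REQUIRED_RULES = [
    PortRule("Windows Login Manager", "tcp", 443, "client <-> MFA server (bidirectional)"),
    PortRule("RADIUS", "udp", 1812, "firewall/VPN (client) -> Local Agent/RADIUS server"),
    PortRule("DirSync (LDAP)", "tcp", 389, "DirSync host -> AD domain controller"),
    PortRule("DirSync (LDAPS)", "tcp", 636, "DirSync host -> AD domain controller"),
    PortRule("Initial setup ping", "icmp", None, "RADIUS server -> RADIUS clients"),
    PortRule("DMZ proxy", "tcp", 443, "DMZ proxy -> MFA/ADFS server"),
    PortRule("SMTP", "tcp", 25, "MFA server -> SMTP server"),
    PortRule("SMTP (implicit TLS)", "tcp", 465, "MFA server -> SMTP server"),
    PortRule("SMTP (submission)", "tcp", 587, "MFA server -> SMTP server"),
]


def tcp_connect(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unresolvable host all count as not reachable.
        return False


def check_rules(targets: Dict[str, str],
                connect: Callable[[str, int], bool] = tcp_connect) -> Dict[str, str]:
    """Check every rule whose component has a target host.

    Returns a mapping component -> "open" / "BLOCKED" / "manual (...)" / "skipped (...)".
    `connect` is injectable so the logic can be exercised without a network.
    """
    results: Dict[str, str] = {}
    for rule in REQUIRED_RULES:
        host = targets.get(rule.component)
        if host is None:
            results[rule.component] = "skipped (no target host given)"
        elif rule.proto != "tcp":
            # UDP and ICMP have no handshake to observe; verify with the
            # actual service (e.g. a RADIUS test request) or a ping instead.
            results[rule.component] = f"manual ({rule.proto} not testable by TCP connect)"
        else:
            ok = connect(host, rule.port)
            results[rule.component] = "open" if ok else "BLOCKED"
    return results


def report(results: Dict[str, str]) -> str:
    """Render results as one line per rule, with direction from the guide."""
    by_name = {r.component: r for r in REQUIRED_RULES}
    lines = []
    for name, status in results.items():
        rule = by_name[name]
        port = "" if rule.port is None else f":{rule.port}"
        lines.append(f"{name:24} {rule.proto.upper()}{port:6} {status:40} [{rule.direction}]")
    return "\n".join(lines)


if __name__ == "__main__":
    # Placeholder hostnames: replace with the real servers in your environment.
    targets = {
        "Windows Login Manager": "mfa.example.internal",
        "RADIUS": "radius.example.internal",
        "DirSync (LDAPS)": "dc01.example.internal",
        "SMTP (submission)": "smtp.example.internal",
    }
    print(report(check_rules(targets)))
```

Only one of the DirSync rules and one of the SMTP rules needs a target, matching the "either/or" wording in the guide; rules without a target are reported as skipped so the output still lists what was not checked.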
Conclusion: Properly configuring these ports is crucial for the secure and effective functioning of your SurePassID services. Regularly review and adjust these settings in accordance with your organization's security guidelines and the evolving IT environment.
Note: This guide should be used alongside your organization's specific security policies and network setup. Always consult with your network security team when modifying firewall and port configurations.