Firewall Rules Required to Enable Privileged Accounts Management

Document ID : KB000049690
Last Modified Date : 14/02/2018

Description:

This article describes the firewall rules that you need to open so that Access Control Enterprise Management (ENTM) can manage privileged account passwords on endpoints located behind a firewall.

The document does not describe the ports that are required for managing CA Access Control endpoints. These are described in the CA Access Control documentation in the Reference Guide, under the Used Ports chapter.

Solution:

| Rule No. | Source | Destination | Port | Rule Type | Reason |
|---|---|---|---|---|---|
| 1 | ENTM | Windows Endpoints | 135/TCP | UNIDIRECTIONAL | Remote Procedure Call (RPC) needed for WMI. |
| 2 | ENTM | Windows Endpoints | 445/TCP | UNIDIRECTIONAL | Remote registry access needed for WMI. |
| 3 | ENTM | Windows Endpoints | 139/TCP | UNIDIRECTIONAL | Optional Port. Used only in case Windows endpoint is using NETBIOS protocol. |
| 4 | ENTM | Windows Endpoints | <WMI fixed port>/TCP | UNIDIRECTIONAL | WMI communication. Endpoint needs to be configured with WMI fixed port, which should be opened in the firewall. |
| 5 | ENTM | Windows Endpoints | <ADSI fixed port>/TCP | UNIDIRECTIONAL | ADSI communication. Endpoint needs to be configured with ADSI fixed port, which should be opened in the firewall. |
| 6 | ENTM | SSH Endpoint/Network Device | 22/TCP | UNIDIRECTIONAL | SSH Port - needed for managing SSH devices through SSH protocol. |
| 7 | ENTM | SSH Endpoint/Network Device | 23/TCP | UNIDIRECTIONAL | Telnet Port - needed for managing SSH devices through Telnet protocol. |
| 8 | ENTM | Oracle Endpoint | 1521/TCP | UNIDIRECTIONAL | Oracle database port. Needed for managing Oracle endpoints. |
| 9 | ENTM | Microsoft SQL Server Endpoint | 1433/TCP | UNIDIRECTIONAL | Microsoft SQL Server database port. Needed for managing MS SQL Server endpoints. |
| 10 | ENTM Admin | ENTM | 18080,18433/TCP | UNIDIRECTIONAL | This rule is optional. It is only needed when using ENTM Web UI from a machine which is behind a firewall. |
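
Rules 1 to 9 can be verified from the ENTM server once the firewall change is in place. The Python script below is an added example, not part of the original article or of the product; the inventory format, the host names and the fixed WMI/ADSI port numbers (24158, 24159) are constructed assumptions. It expands each endpoint into the flows the table requires and separates "refused" (a reset came back, so the path is usually open but nothing is listening) from "filtered" (no answer, so the traffic is probably dropped on the path).

```python
import socket

# Article's rule table: type -> (port, optional?, reason); "wmi"/"adsi" = per-endpoint fixed ports.
RULES = {
    "windows": [(135, False, "RPC for WMI"), (445, False, "remote registry for WMI"),
                (139, True, "NetBIOS"), ("wmi", False, "WMI fixed port"),
                ("adsi", False, "ADSI fixed port")],
    "ssh": [(22, False, "SSH"), (23, False, "Telnet")],
    "oracle": [(1521, False, "Oracle database")],
    "mssql": [(1433, False, "Microsoft SQL Server database")],
}

def required_flows(ep):
    """Expand one inventory entry into (host, port, optional, reason) tuples."""
    flows = []
    for port, optional, reason in RULES[ep["type"]]:
        if isinstance(port, str):  # placeholder: look up the per-endpoint fixed port
            if port not in ep:
                raise ValueError(f"{ep['host']}: fixed {port} port missing from inventory")
            port = ep[port]
        flows.append((ep["host"], port, optional, reason))
    return flows

def probe(host, port, timeout=3.0):
    """TCP connect from this host (run it on the ENTM server)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # RST came back: path is usually open, nothing is listening
    except OSError:
        return "filtered"  # timeout, unreachable or unresolved: likely dropped on the path

def audit(inventory, probe=probe):
    """Return every flow that is not 'open', tagged required or optional."""
    findings = []
    for ep in inventory:
        for host, port, optional, reason in required_flows(ep):
            state = probe(host, port)
            if state != "open":
                findings.append((host, port, state, "optional" if optional else "required"))
    return findings

# Constructed inventory: host names and fixed port numbers are sample values.
INVENTORY = [{"type": "windows", "host": "win01.example.test", "wmi": 24158, "adsi": 24159},
             {"type": "ssh", "host": "sw01.example.test"}]

if __name__ == "__main__":
    print(*audit(INVENTORY), sep="\n")
```

A Windows endpoint without its fixed WMI or ADSI port in the inventory raises an error instead of being skipped, because rules 4 and 5 cannot be written without those values.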