Network ports that are required for the Auth Connector to function

book

Article ID: 169119

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

The Auth Connector (BCCA) is installed on a member server. To establish connections to various destinations/servers/public domains on certain ports, all these destinations and ports are required to be open and unrestricted.

Environment

Web Security Services 

Auth Connector 

Resolution

Authentication: (BCCA.exe)
Port 443 to auth.threatpulse.com (199.19.250.193 & 199.116.168.193)
Port 443 to portal.threatpulse.com (199.19.250.192)

Note: In an IPSEC deployment, BCCA must also be able to talk to the same data pods authentication servers where the IPSEC tunnel terminates. Please refer to Unified Agent in failed close state & Unable to connect to the Internet and Authentication IP Addresses by Data Center for more details. For other deployments, all the data pods authentication servers need to be reachable by BCCA.

Authentication: (ACLogon.exe - login script for sending logged-in credentials directly to BCCA.)
Port 80 from all clients to BCCA server

Roaming Captive Portal:
Port 8080 to proxy.threatpulse.com

SAML:
8443

Internal ports: (between BCCA server and Domain Controllers)