The Auth Connector (BCCA) is installed on a member server. It connects to several destinations (servers and public domains) on specific ports, and all of these destinations and ports must be open and unrestricted.
Web Security Services
Auth Connector
Authentication: (BCCA.exe)
Port 443 to auth.threatpulse.com (199.19.250.193 & 199.116.168.193)
Port 443 to portal.threatpulse.com (199.19.250.192)
Note: In an IPsec deployment, BCCA must also be able to reach the authentication servers of the same data pod where the IPsec tunnel terminates. For more details, refer to Unified Agent in failed close state & Unable to connect to the Internet and Authentication IP Addresses by Data Center. For other deployments, the authentication servers of all data pods need to be reachable by BCCA.
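To confirm from the BCCA member server that the outbound authentication rules above are in place, the following added example (not part of the original article or the vendor's tooling) tests TCP 443 to each listed hostname and IP and flags DNS answers that are not in the listed addresses. The function name Test-TcpPort and the 3-second timeout are assumptions.

```powershell
# Added example: run on the BCCA member server. Hostnames, IPs and ports are
# the ones listed in this article; the 3-second timeout is an assumption.
$Required = @(
    @{ Name = 'auth.threatpulse.com';   Port = 443; ListedIPs = @('199.19.250.193', '199.116.168.193') },
    @{ Name = 'portal.threatpulse.com'; Port = 443; ListedIPs = @('199.19.250.192') }
)
$TimeoutMs = 3000

function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($Target, $Port)
        # Wait() returns $false on timeout and throws if the connect failed
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($dest in $Required) {
    # What DNS returns right now, to compare with the addresses in the firewall rule
    try {
        $resolved = @([System.Net.Dns]::GetHostAddresses($dest.Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString })
    } catch { $resolved = @() }
    $unlisted = @($resolved | Where-Object { $dest.ListedIPs -notcontains $_ })

    # Test the hostname and each listed IP, since rules may be written either way
    foreach ($target in (@($dest.Name) + $dest.ListedIPs)) {
        [pscustomobject]@{
            Destination = $dest.Name
            Target      = $target
            Port        = $dest.Port
            Reachable   = Test-TcpPort -Target $target -Port $dest.Port -TimeoutMs $TimeoutMs
            UnlistedDns = ($unlisted -join ',')
        }
    }
}

$results | Format-Table -AutoSize
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) { Write-Warning "$($blocked.Count) required target(s) not reachable" }
```

A successful TCP connect only shows that the port is open; it does not show that a device in the path leaves the TLS session unmodified.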
Authentication: (ACLogon.exe - login script for sending logged-in credentials directly to BCCA.)
Port 80 from all clients to BCCA server
Roaming Captive Portal:
Port 8080 to proxy.threatpulse.com
SAML:
8443
Internal ports: (between BCCA server and Domain Controllers)