Network ports that are required for the Auth Connector to function


Article ID: 169119


Updated On:


Web Security Service - WSS


The Auth Connector (BCCA) is installed on a member server. To establish connections to various destinations/servers/public domains on certain ports, all these destinations and ports are required to be open and unrestricted.


Web Security Services 

Auth Connector 


Authentication: (BCCA.exe)
Port 443 to ( &
Port 443 to (

Note: In an IPSEC deployment, BCCA must also be able to talk to the same data pods authentication servers where the IPSEC tunnel terminates. Please refer to Unified Agent in failed close state & Unable to connect to the Internet and Authentication IP Addresses by Data Center for more details. For other deployments, all the data pods authentication servers need to be reachable by BCCA.

Authentication: (ACLogon.exe - login script for sending logged-in credentials directly to BCCA.)
Port 80 from all clients to BCCA server

Roaming Captive Portal:
Port 8080 to


Internal ports: (between BCCA server and Domain Controllers)