CA PAM Client ports needed to connect to Target Devices
search cancel

CA PAM Client ports needed to connect to Target Devices

book

Article ID: 248699

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Our customer would like to clarify what are the ports that the client requires to perform its functions besides port 443. They need to whitelist it in their network systems and especially their Anti-Virus.
Also if the customer carries out an access connection (RDP or SSH) does that mean the client needs port 3389 or 22 respectively or the PAM appliance is the jump host and only 443 to the appliance is required? (I.e. only the appliance (Jump host) needs the ports 3389 and 22)

Environment

Release: All versions.

Component: PRIVILEGED ACCESS MANAGEMENT

Cause

Request For Information

Resolution

For establishing the connection from the CA PAM server to the target devices, ports are required to be opened from the Target Device to the CA PAM server and not to the user's IP address who is running the CA PAM client.

From the target device, the ports are not required to be opened for the user's desktop (IP Address)

Below is the demonstration.

Wireshark is being used to capture the traffic on port 3389 (Default RDP port) from the user's desktop.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=jfdk1MD6F4xWoLVR6UFnmw==

Next, a connection to the Windows Target Device is performed.

As we can see there is no traffic from the user's desktop on port 3389, but the RDP connection from the CA PAM client is successful.