Firewall Rules Required to Enable Privileged Accounts Management
Article ID: 49690
Updated On:
Products
CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager (PAM)
Issue/Introduction
Description:
The following article describes the firewall rules that you need to open in order for Access Control Enterprise Management to manage privilege account passwords on endpoints located behind a firewall.
The document does not describe the ports that are required for managing CA Access Control endpoints. These are described in the CA Access Control documentation in the Reference Guide, under the Used Ports chapter.
Solution:
| Rule No. | Source | Destination | Port | Rule Type | Reason |
| 1 | ENTM | Windows Endpoints | 135/TCP | UNIDIRECTIONAL | Remote Procedure Call (RPC) needed for WMI. |
| 2 | ENTM | Windows Endpoints | 445/TCP | UNIDIRECTIONAL | Remote registry access needed for WMI. |
| 3 | ENTM | Windows Endpoints | 139/TCP | UNIDIRECTIONAL | Optional Port. Used only in case Windows endpoint is using NETBIOS protocol. |
| 4 | ENTM | Windows Endpoints | <WMI fixed port>/TCP | UNIDIRECTIONAL | WMI communication. Endpoint needs to be configured with WMI fixed port, which should be opened in the firewall. |
| 5 | ENTM | Windows Endpoints | <ADSI fixed port>/TCP | UNIDIRECTIONAL | ADSI communication. Endpoint needs to be configured with ADSI fixed port, which should be opened in the firewall. |
| 6 | ENTM | SSH Endpoint/Network Device | 22/TCP | UNIDIRECTIONAL | SSH Port - needed for managing SSH devices through SSH protocol. |
| 7 | ENTM | SSH Endpoint/Network Device | 23/TCP | UNIDIRECTIONAL | Telnet Port - needed for managing SSH devices through Telnet protocol. |
| 8 | ENTM | Oracle Endpoint | 1521/TCP | UNIDIRECTIONAL | Oracle database port. Needed for managing Oracle endpoints. |
| 9 | ENTM | Microsoft SQL Server Endpoint | 1433/TCP | UNIDIRECTIONAL | Microsoft SQL Server database port. Needed for managing MS SQL Server endpoints. |
| 10 | ENTM Admin | ENTM | 18080,18433/TCP | UNIDIRECTIONAL | This rule is optional. It is only needed when using ENTM Web UI from a machine which is behind a firewall. |
Environment
Release:
Component: SEOSWG
Component: SEOSWG
Feedback
Yes
No
Powered by
