Ports Used¶
Securden Unified PAM uses a range of ports to ensure secure communication. The following are the TCP (Transmission Control Protocol) ports used in Securden PAM.
-
By default, Securden Unified PAM comes with PostgreSQL server as the default RDBMS. Optionally, you can use MS SQL Server as the backend database. Port 5858 connects all the primary, secondary, and application servers to the PostgreSQL database. The port 1433 connects the product servers (primary and application servers) to the SQL server.
-
End-users connect to the User Interface of the product using port 5959. Administrators can choose to change this port to 443 or any other port if required.
-
When Securden Session Manager is employed, remote desktop sessions are launched through port 3389. Administrators can also define custom ports and users can use those specified references for SSH tunnelling.
-
Web remote connections use the port 5622 for SSH and 5626 for RDP.
| Port Name | Source | Destination | Port (TCP) | Details |
|---|---|---|---|---|
| PostgreSQL Database Port | Primary, Secondary, and all Application Servers | PostgreSQL Server | 5858 | - |
| MS SQL Database Port | Primary and Application Servers | MS SQL Server | 1433 | - |
| Securden Server Port | To all Users (End Machines), Agents, and Secondary Servers | Primary | 5959 (Web-Port) | For all servers this port can be changed if required |
| Securden Server Port | To all Users (End Machines), Agents, and Secondary Servers | Secondary | 5959 (Web-Port) | For all servers this port can be changed if required |
| SSM Port (Inbound) | All Client machines | SSM Server installed machine(s) | 3389 (RDP Port) | 3389 is opened on the SSM for all client machines |
| SSM Port (Outbound) | SSM Server installed machine(s) | To all Target Machines | 3389 (RDP Port) | 3389 is opened to all target machines from the SSM Server |
| Web - SSH | To all Users (End Machines) | On all application servers | 5622 | - |
| Web - RDP | To all Users (End Machines) | On all application servers | 5626 | - |
| SMTP Sever Port (Mail Server Port) | - | - | 587 | TLS |
| SMTP Sever Port (Mail Server Port) | - | - | 465 | SSL |
Proxy Server Port¶
This port must be open if your organization makes use of a proxy server to regulate internet traffic. Navigate to Admin >> General >> Proxy Server Settings and configure the port details to facilitate Securden to connect to the internet.
AD Port¶
AD Port is used for the account discovery purpose while integrating with the Active Directory.
RADIUS Server Port¶
You can integrate the RADIUS server or any RADIUS-compliant two-factor authentication system like OneSpan Digipass, RSA SecurID, etc., for the second-factor authentication. Navigate to Admin >> Authentication >> Two-Factor Authentication. Click the configure option on RADIUS Authentication. In the RADIUS Server Settings page that opens up, you may configure the details of the authentication port.
| Port Name | Source | Destination | Port (TCP) | Details |
|---|---|---|---|---|
| Proxy Server Port | Primary Server | Proxy Server | Based on your settings | If needed |
| AD (DC) Port | Primary Server | AD DC | 636 | SSL/TLS |
| AD (DC) Port | - | - | 339 | If there is no SSL |
| RADIUS Server Port | - | - | 1812 | If needed |
| Azure AD | Primary/application server | Azure AD | Graph API | If needed |
| Breached Password Identification | Primary Server (Requires internet connection) | - | API | https://api.pwnedpasswords.com/ |
| Other Ports | - | - | - | Check your integration port requirements |