Ports that Novell Access Manager uses that we know about.
| Ports Required | Reason | Comments |
|---|---|---|
| SSH | Identity Server | For remote administration of Access Manager components, you need to open the ports required by your application from the remote administration workstation to your Access Manager components. You need to open ports for console access and for file sharing. |
| SSH | Access Gateway | For remote administration of Access Manager components, you need to open the ports required by your application from the remote administration workstation to your Access Manager components. You need to open ports for console access and for file sharing. |
| SSH | Administration Console | For remote administration of Access Manager components, you need to open the ports required by your application from the remote administration workstation to your Access Manager components. You need to open ports for console access and for file sharing. |
| 53 | NTP Server | Access Manager components must be able to resolve DNS names. Depending upon where your DNS servers are located, you might need to open UDP 53 so that the Access Manager component can resolve DNS names. |
| 53 | Identity Server | Access Manager components must be able to resolve DNS names. Depending upon where your DNS servers are located, you might need to open UDP 53 so that the Access Manager component can resolve DNS names. |
| 53 | Access Gateway | Access Manager components must be able to resolve DNS names. Depending upon where your DNS servers are located, you might need to open UDP 53 so that the Access Manager component can resolve DNS names. |
| 53 | Administration Console | Access Manager components must be able to resolve DNS names. Depending upon where your DNS servers are located, you might need to open UDP 53 so that the Access Manager component can resolve DNS names. |
| 123 | NTP Server | Access Manager components must have time synchronized or authentication fails. |
| 123 | Identity Server | Access Manager components must have time synchronized or authentication fails. |
| 123 | Access Gateway | Access Manager components must have time synchronized or authentication fails. |
| 123 | Administration Console | Access Manager components must have time synchronized or authentication fails. |
| 1443 | Administration Console | For communication from the Administration Console to the devices. |
| 1443 | Access Gateway | For communication from the Administration Console to the devices. |
| 1443 | Identity Server | For communication from the Administration Console to the devices. |
| 1443 | J2EE Agent | For communication from the Administration Console to the devices. |
| 8080 | Identity Server | For authentication communication from the Access Gateway to the Identity Server and from the Identity Server to the Access Gateway. |
| 8080 | Access Gateway | For authentication communication from the Access Gateway to the Identity Server and from the Identity Server to the Access Gateway. |
| 8080 | Administration Console | For HTTP communication from the browsers to the Administration Console. Internal Only |
| 8080 | Browsers/Clients | For HTTP communication from the browsers to the Administration Console. Internal Only |
| 8443 | Browsers/Clients | For HTTP communication from the browsers to the Administration Console. Internal Only |
| 8443 | Administration Console | For HTTP communication from the browsers to the Administration Console. Internal Only |
| 8443 | Access Gateway | For authentication communication from the Access Gateway to the Identity Server and from the Identity Server to the Access Gateway. |
| 8443 | Identity Server | For authentication communication from the Access Gateway to the Identity Server and from the Identity Server to the Access Gateway. |
| 289 | Administration Console | For communication from the Identity Server to the Novell Audit server on the Administration Console. |
| 524 | Administration Console | For NCP certificate management with NPKI from the Identity Server to the Administration Console. |
| 636 | Administration Console | For secure LDAP communication from the Identity Server to the Administration Console. |
| 7801 - 78xx | Identity Server | For back-channel communication with cluster members. You need to open two ports for each member of the cluster plus one. Thus, for a two member cluster, 7801, 7802, 7803, 7804, and 7805 need to be open. |
| 636 | LDAP User store | For secure LDAP communication from the Identity Server to the LDAP user store. |
| ICMP | Importing a Linux Access Gateway | During an import, the Linux Access Gateway sends two ICMP pings to the Administration Console. When the import has finished, you can close this port. Remember, you may need to modify and/or re-import Access Gateways after the initial install. |
| 80 | Browsers/Clients | For HTTP communication from the client to the Access Gateway. |
| 443 | Browsers/Clients | For HTTPS communication from the client to the Access Gateway. |
| udp 123 | NTP Communications | Access Manager components must be synchronized or authentication fails. We highly recommend that all components be configured to use an NTP (network time protocol) server. Depending upon where your NTP server is located in relationship to your firewalls, you might need to open UDP 123 so that the Access Manager component can use the NTP server. |
| udp 53 | DNS resolution | Access Manager components must be able to resolve DNS names. Depending upon where your DNS servers are located, you might need to open UDP 53 so that the Access Manager component can resolve DNS names. |
| 22 | Remote administration | If you use SSH for remote administration and want to use it for remote administration of Access Manager components, you need to open TCP 22 to allow communication from your remote administration workstation to your Access Manager components. |

« This page (revision-11) was last changed on 20-Jan-2016 14:30 by jim