Known ports used by [Novell Access Manager].

%%zebra-table
%%sortable
%%table-filter
||Ports Required||Component or Use||Comments
|SSH|Identity server|For remote administration of Access Manager components, you need to open the ports required by your application from the remote administration workstation to your Access Manager components. You need to open ports for console access and for file sharing.
|SSH|Access Gateway|For remote administration of Access Manager components, you need to open the ports required by your application from the remote administration workstation to your Access Manager components. You need to open ports for console access and for file sharing.
|SSH|Administration Console|For remote administration of Access Manager components, you need to open the ports required by your application from the remote administration workstation to your Access Manager components. You need to open ports for console access and for file sharing.
|53|NTP Server|Access Manager components must be able to resolve DNS names. Depending upon where your DNS servers are located, you might need to open UDP 53 so that the Access Manager component can resolve DNS names.
|53|Identity server|Access Manager components must be able to resolve DNS names. Depending upon where your DNS servers are located, you might need to open UDP 53 so that the Access Manager component can resolve DNS names.
|53|Access Gateway|Access Manager components must be able to resolve DNS names. Depending upon where your DNS servers are located, you might need to open UDP 53 so that the Access Manager component can resolve DNS names.
|53|Administration Console|Access Manager components must be able to resolve DNS names. Depending upon where your DNS servers are located, you might need to open UDP 53 so that the Access Manager component can resolve DNS names.
|123|NTP Server|Access Manager components must have time synchronized or authentication fails. 
|123|Identity server|Access Manager components must have time synchronized or authentication fails. 
|123|Access Gateway|Access Manager components must have time synchronized or authentication fails. 
|123|Administration Console|Access Manager components must have time synchronized or authentication fails. 
|1443|Administration Console|For communication from the Administration Console to the devices.
|1443|Access Gateway|For communication from the Administration Console to the devices.
|1443|Identity server|For communication from the Administration Console to the devices.
|1443|J2EE Agent|For communication from the Administration Console to the devices.
|8080|Identity server|For authentication communication from the Access Gateway to the Identity Server and from the Identity Server to the Access Gateway.
|8080|Access Gateway|For authentication communication from the Access Gateway to the Identity Server and from the Identity Server to the Access Gateway.
|8080|Administration Console|For HTTP communication from the browsers to the Administration Console. Internal only.
|8080|Browsers/Clients|For HTTP communication from the browsers to the Administration Console. Internal only.
|8443|Browsers/Clients|For HTTP communication from the browsers to the Administration Console. Internal only.
|8443|Administration Console|For HTTP communication from the browsers to the Administration Console. Internal only.
|8443|Access Gateway|For authentication communication from the Access Gateway to the Identity Server and from the Identity Server to the Access Gateway.
|8443|Identity server|For authentication communication from the Access Gateway to the Identity Server and from the Identity Server to the Access Gateway.
|289|Administration Console|For communication from the Identity Server to the Novell Audit server on the Administration Console
|524|Administration Console|For NCP certificate management with NPKI from the Identity Server to the Administration Console.
|636|Administration Console|For secure LDAP communication from the Identity Server to the Administration Console.
|7801 - 78xx|Identity server|For [back-channel Communication] with cluster members. You need to open two ports for each member of the cluster plus one. Thus, for a two-member cluster, 7801, 7802, 7803, 7804, and 7805 need to be open.
|636|LDAP User store|For secure LDAP communication from the Identity Server to the LDAP user store.
|ICMP|Importing a Linux Access Gateway|During an import, the Linux Access Gateway sends two ICMP pings to the Administration Console. When the import has finished, you can close this port. Remember, you may need to modify and/or re-import Access Gateways after the initial install.
|80|Browsers/Clients|For HTTP communication from the client to the Access Gateway.
|443|Browsers/Clients|For HTTPS communication from the client to the Access Gateway.
|UDP 123|NTP Communications|Access Manager components must be synchronized or authentication fails. We highly recommend that all components be configured to use an NTP (Network Time Protocol) server. Depending upon where your NTP server is located in relation to your firewalls, you might need to open UDP 123 so that the Access Manager component can use the NTP server.
|UDP 53|DNS resolution|Access Manager components must be able to resolve DNS names. Depending upon where your DNS servers are located, you might need to open UDP 53 so that the Access Manager component can resolve DNS names.
|22|Remote administration|If you use SSH for remote administration and want to use it for remote administration of Access Manager components, you need to open TCP 22 to allow communication from your remote administration workstation to your Access Manager components.
/%
/%
/%
