Firewall Ports Reference

Use the port reference information below to plan for deploying the appliance.

Celestix Technology

The ports in the section below are required for Comet or application functionality.

SecureAccess

  • TCP port 443 inbound to connect
  • TCP port 8098 inbound and outbound for licensing and to download configuration files

Microsoft Technology

The following reference information is provided here for convenience. It is based on Microsoft® TechNet articles for each of the technologies listed. Please see TechNet (https://technet.microsoft.com/) for the most current information.
Last update: 4/14/2016

DirectAccess (behind firewall unless otherwise stated)

Required

  • TCP port 443 inbound and outbound

Conditional

  • Protocol 41 inbound and outbound for 6to4
  • UDP port 3544 inbound and outbound for Teredo

VPN (behind firewall unless otherwise stated)

  • TCP port 1723 inbound and outbound for PPTP
  • Protocol 47 inbound and outbound for PPTP
  • TCP port 443 inbound and outbound for SSTP
  • UDP port 500 inbound and outbound for L2TP/IPsec/IKEv2
  • UDP port 4500 inbound and outbound for L2TP/IPsec/IKEv2
  • Protocol 50 inbound and outbound for L2TP/IPsec/IKEv2
  • UDP port 1701 inbound and outbound for L2TP/IPsec/IKEv2 (perimeter deployment)

WAP

  • TCP port 443 inbound and outbound
  • TCP port 22 inbound and outbound for SSH when SSO Portal is deployed

NPS

  • UDP port 1812
  • UDP port 1813
  • UDP port 1645
  • UDP port 1646

RD Gateway

  • TCP 5504 for connection to RD Connection Broker
  • TCP 5985 for WMI and PowerShell Remoting for administration

Remote Desktop Web Access

  • TCP 443 inbound for traffic from RD Clients
  • UDP 3391 inbound for traffic from RD Clients
  • TCP 88 inbound and outbound for Kerberos user authentication
  • TCP 135 inbound and outbound for RPC Endpoint Mapper
  • TCP|UDP 389 inbound and outbound for LDAP user authentication
  • TCP|UDP 53 inbound and outbound for internal resource name resolution, DNS
  • TCP|UDP 389 inbound and outbound for LDAP Certificate Revocation List (CRL)
  • TCP 80 inbound and outbound for HTTP Certificate Revocation List (CRL)
  • TCP 21 inbound and outbound for FTP Certificate Revocation List (CRL)
  • TCP 5985 inbound and outbound for WMI and PowerShell Remoting
  • TCP|UDP 3389 inbound and outbound for RDP

Work Folders

  • TCP port 443 inbound and outbound for folder synching
  • TCP port 80 inbound and outbound for folder synching

ADFS

For reference if WAP or the SSO Portal are deployed.

  • TCP port 443 inbound
  • TCP port 49443 inbound for client TLS authentication using X509 user certificates
  • TCP 80 inbound and outbound for Certificate Revocation List (CRL)