Symantec Privileged Access Management

  • Private Community
Back to discussions
Expand all | Collapse all

When CAPAM rotates an account on a host, what firewall ports are used/should be openned? 

  • 1.  When CAPAM rotates an account on a host, what firewall ports are used/should be openned? 

    Posted Sep 18, 2017 02:55 PM

    We have a secured zone that is firewalled off from our internal zone. What ports do we need to open to allow CAPAM to rotate passwords?

     

    Thank you!



  • 2.  Re: When CAPAM rotates an account on a host, what firewall ports are used/should be openned? 
    Best Answer

    Broadcom Employee
    Posted Sep 18, 2017 03:33 PM

    Hi Jeff, What port is required depends on the target application used. Port information is found in the online documentation, e.g. https://docops.ca.com/ca-privileged-access-manager/2-8-3/EN/deploying/ip-address-and-port-assignments-for-network-connections. This includes ports 22 for managing UNIX accounts, port 636 for the Windows Domain Services target application, and port 27077 for the Windows Proxy. In the latter case the Windows Proxy also needs to be able to connect back into the 443 port of the PAM appliance. Are there other types or target applications you are concerned about?



  • 3.  Re: When CAPAM rotates an account on a host, what firewall ports are used/should be openned? 

    Posted Sep 18, 2017 04:18 PM

    Nope!  That should help us out.  Thank you Ralf.