One of the most common questions that comes up during CA Single Sign-On Professional Services engagements is: “What ports do I need to open for CA Single Sign-On?". This is generally followed by: “What does each port do?”. These are great questions and we wanted to consolidate the answers in one place. And so, without further ado, CoreBlox proudly presents our first chapter in our Unofficial CA Single Sign-On Guide: Ports!
When CA Single Sign-On is configured correctly, it just works and it works well! Sometimes getting through that initial configuration can be a bit like playing a game of Tetris, especially in an organization that relies on firewalls to control access to specific ports.
Below is a list of the default ports that are commonly associated with CA Single Sign-On implementations. By no means is this definitive, as configurations will vary between organization based upon requirements and standards. However, this is a good starting point when working with security and network teams during the installation and configuration of CA Single Sign-On.
|Port #||Use||Open Between||Comment|
|44441||Web Agent Accounting Port||Web Agent / Policy Server||Accounting Port|
|44442||Web Agent Authentication Port||Web Agent / Policy Server||* Required - Peforms Authentication Requests to Policy Server|
|44443||Web Agent Authorization Port||Web Agent / Policy Server||* Required - Peforms Authorization Requests to Policy Server|
|44444||Web Agent Administration Port||Policy Server||Not used by the WebAgent , Used by Policy Server for AdminUI|
|8080||AdminUI HTTP||Browser / AdminUI Service||Used for non-secure connection to the WAMUI console|
|8443||AdminUI HTTPS||Browser / AdminUI Service||Used for secure connection to the WAMUI console|
|8180||JBOSS Service Ports||Browser / JBOSS||Not used in normal operation|
|389||LDAP||Policy Server / User-Policy Store||Used for non-secure connection to an LDAP Sever|
|636||LDAP (Secure)||Policy Server / User-Policy Store||Used for secure-connection to an LDAP Server|
|1433||SQL||Policy Server / User-Policy Store||Used for communication with an SQL data source|
|44449||OneView Agent||OneView Agent/ OneView Montor||Used for communication between the OneView Agent and Montitor|
|44450||OneView Monitor||Browser / OneView Monitor||Port used by the OneView Montior|
|7680||Enhanced Assurance/Device DNA||Access Gateway / Policy Server||Used for Session Assurance Functionality|
|8080||Access Gateway ProxyUI||Browser / ProxyUI||Should not be installed on same server as AdminUI|
|543||Access Gateway ProxyUI||Browser / AdminUI Service||SSL for port for ProxyUI|
|8001||SMNP Agent||SMNP Agent / SMNP Monitor||Used if SMNP has been configured|
|161||SMNP Port||SMNP Service||Used if SMNP has been configured|
|80||HTTP||Browser / WebAgent||Standard Communication Port|
|443||HTTPS||Browser / WebAgent||Standard Communication Port|