| # | Source | Destination | User type | Target OS | Direction | Port(s) | Description |
|---|--------|-------------|-----------|-----------|-----------|---------|-------------|
| 1 | User workstation | SecurITaas appliance | Non-Admin user/Admin | NA | Unidirectional | 443, 9001 | 443 - web access and application communication; 9001 - backend communication with the application during session creation. |
| 2 | User workstation | SecurITaas appliance | Non-Admin user | NA | Unidirectional | 4000-6000 (Dynamic) | Dynamic ports for remote sessions, created at runtime to establish a dedicated channel for the connection. These ports close as sessions close. |
| 3 | User workstation | SecurITaas appliance | Admin | NA | Unidirectional | 443, 9090 | Ports for admin access to the application. 443 - web access and application communication; 9090 - appliance manager communication, to be used only by admins. These ports can be opened either for the admin user's workstation or from a jump server. |
| 4 | SecurITaas appliance | Target server | NA (machine level communication) | Windows | Unidirectional | 22 | SSH communication to Windows servers. This port is used for just-in-time (JIT) provisioning and deprovisioning of user access (adding/removing users from local or domain groups), password rotation, and provisioning access of a user to a local Windows group. Requires OpenSSH Server to be installed and configured on the target Windows server. |
| 5 | Domain controller | SecurITaas appliance | NA (machine level communication) | Windows | Unidirectional | 443, 9001, 9002 | Required ports for domain controllers to communicate with the SecurITaas appliance. 443 - HTTPS communication; 9001 - certificate operations and agent registration; 9002 - certificate revocation list (CRL) for certificate validation. |
| 6 | Target server | SecurITaas appliance | NA (machine level communication) | Windows | Unidirectional | 443, 9001, 9002 | Required ports for target Windows servers to communicate with the SecurITaas appliance. 443 - HTTPS communication; 9001 - Credential Provider authentication and agent communication; 9002 - certificate revocation list (CRL) for certificate validation. |
| 7 | Connector server | Target server | All users | Windows | Unidirectional | 3389 | RDP access to Windows servers. Used by the connector to communicate with target Windows servers for creating sessions. |
| 8 | SecurITaas appliance | Connector server | NA (machine level communication) | NA (not a target server) | Unidirectional | 3389 | RDP communication to the connector. |
| 9 | Connector server | SecurITaas appliance | NA (machine level communication) | NA (not a target server) | Unidirectional | 9001, 443 | Used by the connector to communicate with the application. 9001 and 443 - backend access to the application. |
| 10 | Target server | SecurITaas appliance | NA (machine level communication) | Linux | Unidirectional | 389, 636 | LDAP/LDAPS communication. Used by the target Linux server to communicate with the SecurITaas appliance to fetch sudoers for a user; these sudoers allow passwordless privilege elevation or switching to a privileged user. |
| 11 | Connector server | Target server | All users | Linux | Unidirectional | 22 | SSH access to Linux servers. Used by the connector to communicate with target Linux servers for creating sessions. |
| 12 | SecurITaas appliance | NFS server for session recording storage | NA (machine level communication) | NA (not a target server) | Unidirectional | 2049 | NFS mount for session recordings. Used by the SecurITaas appliance to store session recordings. |
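
The port requirements above can be used as an allow-list when reviewing firewall or flow logs. The following is an added example, not part of the original page or the product: it encodes rows 1-12 and flags connection initiations that no row permits. The subnets, role names and sample flows are constructed assumptions, and flows are matched on destination port only because the page does not state a transport protocol.

```python
from ipaddress import ip_address, ip_network

# Constructed lab addressing (assumption): which subnet plays which matrix role.
ROLES = {
    "user_ws": "10.1.0.0/24", "admin_ws": "10.1.9.0/28",
    "appliance": "10.2.0.10/32", "connector": "10.2.0.20/32",
    "dc": "10.3.0.0/28", "win_target": "10.4.0.0/24",
    "linux_target": "10.5.0.0/24", "nfs": "10.6.0.5/32",
}

# (initiator role, responder role) -> destination ports, one entry per matrix row.
# Every row is unidirectional, so the reverse pair is absent unless it has its own row.
ALLOWED = {
    ("user_ws", "appliance"): {443, 9001, *range(4000, 6001)},  # rows 1, 2
    ("admin_ws", "appliance"): {443, 9001, 9090},               # rows 1, 3
    ("appliance", "win_target"): {22},                          # row 4
    ("dc", "appliance"): {443, 9001, 9002},                     # row 5
    ("win_target", "appliance"): {443, 9001, 9002},             # row 6
    ("connector", "win_target"): {3389},                        # row 7
    ("appliance", "connector"): {3389},                         # row 8
    ("connector", "appliance"): {443, 9001},                    # row 9
    ("linux_target", "appliance"): {389, 636},                  # row 10
    ("connector", "linux_target"): {22},                        # row 11
    ("appliance", "nfs"): {2049},                               # row 12
}

def role_of(ip):
    """Map an IP address to its matrix role, or None if it is in no known zone."""
    addr = ip_address(ip)
    return next((r for r, net in ROLES.items() if addr in ip_network(net)), None)

def audit(flows):
    """Return (src, dst, dport, reason) for each initiated flow the matrix does not allow."""
    findings = []
    for src, dst, dport in flows:
        s, d = role_of(src), role_of(dst)
        if s is None or d is None:
            findings.append((src, dst, dport, "endpoint outside known zones"))
        elif dport not in ALLOWED.get((s, d), ()):
            findings.append((src, dst, dport, f"{s} -> {d}:{dport} not in matrix"))
    return findings

# Constructed sample of connection initiations (src, dst, destination port).
SAMPLE_FLOWS = [
    ("10.1.0.15", "10.2.0.10", 443), ("10.1.0.15", "10.2.0.10", 4521),
    ("10.1.0.15", "10.2.0.10", 9090), ("10.1.9.3", "10.2.0.10", 9090),
    ("10.1.0.15", "10.4.0.7", 3389), ("10.2.0.20", "10.4.0.7", 3389),
    ("10.2.0.10", "10.1.0.15", 443), ("10.5.0.8", "10.2.0.10", 636),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

On the sample data this reports a non-admin workstation reaching the appliance manager port, a workstation opening RDP to a target without going through the connector, and a connection initiated in the reverse of a unidirectional row.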