Signature Appliance port requirements for Active Directory install

| Protocol and Port | AD and AD DS Usage | Type of Traffic |
|---|---|---|
| TCP and UDP 389 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP |
| TCP 636 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP SSL |
| TCP 3268 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP GC |
| TCP 3269 | Directory, Replication, User and Computer Authentication, Group Policy, Trusts | LDAP GC SSL |
| TCP and UDP 88 | User and Computer Authentication, Forest Level Trusts | Kerberos |
| TCP and UDP 53 | User and Computer Authentication, Name Resolution, Trusts | DNS |
| TCP and UDP 445 | Replication, User and Computer Authentication, Group Policy, Trusts | SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc |
| TCP 25 | Replication | SMTP |
| TCP 135 | Replication | RPC, EPM |
| TCP Dynamic | Replication, User and Computer Authentication, Group Policy, Trusts | RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS |
| TCP 5722 | File Replication | RPC, DFSR (SYSVOL) |
| UDP 123 | Windows Time, Trusts | Windows Time |
| TCP and UDP 464 | Replication, User and Computer Authentication, Trusts | Kerberos change/set password |
| UDP Dynamic | Group Policy | DCOM, RPC, EPM |
| UDP 138 | DFS, Group Policy | DFSN, NetLogon, NetBIOS Datagram Service |
| TCP 9389 | AD DS Web Services | SOAP |
| UDP 67 and UDP 2535 | DHCP (Note: DHCP is not a core AD DS service, but it is often present in many AD DS deployments.) | DHCP, MADCAP |
| UDP 137 | User and Computer Authentication | NetLogon, NetBIOS Name Resolution |
| TCP 139 | User and Computer Authentication, Replication | DFSN, NetBIOS Session Service, NetLogon |


“TCP Dynamic” in the Protocol and Port column of the table refers to ports 1025 through 5000, which is the default port range for Windows Server 2003. Dynamic ports 49152 through 65535 are used for Windows Server 2008 R2 and Windows Server 2008.

The following is the list of services and their ports used for Signature Appliance communication:

  • TCP Port 443 – Enables all Signature Appliance client capabilities
  • TCP Port 8080 – Enables Web Services
  • TCP Port 8081 – Enables RESTful API Services
  • IPSec ports (UDP 500) – This is only applicable in certain instances (HA/LB)
 

Signature Appliance with Symantec CA uses the following ports and destinations:

  • For a Production account - https://pki-ws.symauth.com/pki-ws
  • For a Pilot account - https://ptnr-pki-ws.bbtest.net/pki-ws
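
To check a firewall allow-list against the Active Directory port table and the dynamic port ranges given above, the following added example (not vendor code) reports every required port or range the rules do not cover. The rule format, the function names and the sample rules are assumptions made for the illustration, as is reusing the stated dynamic ranges for "UDP Dynamic".

```python
# Traffic labels abbreviated from the table. DHCP (UDP 67, 2535) is left out
# because the page notes it is not a core AD DS service.
FIXED = {
    "tcp": {389: "LDAP", 636: "LDAP SSL", 3268: "LDAP GC", 3269: "LDAP GC SSL",
            88: "Kerberos", 53: "DNS", 445: "SMB", 25: "SMTP", 135: "RPC, EPM",
            5722: "DFSR (SYSVOL)", 464: "Kerberos change/set password",
            9389: "SOAP", 139: "NetBIOS Session Service"},
    "udp": {389: "LDAP", 88: "Kerberos", 53: "DNS", 445: "SMB",
            123: "Windows Time", 464: "Kerberos change/set password",
            138: "NetBIOS Datagram Service", 137: "NetBIOS Name Resolution"},
}
# Ranges stated on the page; reusing them for "UDP Dynamic" is an assumption.
DYNAMIC = {"2003": (1025, 5000), "2008": (49152, 65535)}  # "2008" includes R2
# Constructed sample allow-list toward the domain controllers: (proto, low, high).
SAMPLE_RULES = [
    ("tcp", 25, 25), ("tcp", 53, 53), ("tcp", 88, 88), ("tcp", 135, 139),
    ("tcp", 389, 389), ("tcp", 445, 445), ("tcp", 464, 464), ("tcp", 636, 636),
    ("tcp", 3268, 3269), ("tcp", 5722, 5722), ("tcp", 49152, 60000),
    ("tcp", 60001, 65535), ("udp", 53, 53), ("udp", 88, 88), ("udp", 123, 123),
    ("udp", 137, 138), ("udp", 389, 389), ("udp", 445, 445), ("udp", 464, 464),
    ("udp", 49152, 65535),
]

def merge(ranges):
    """Merge overlapping or adjacent (low, high) port ranges."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], high)
        else:
            merged.append([low, high])
    return merged

def audit(allow_rules, dc_os):
    """Return (proto, ports, traffic) requirements the allow-list misses."""
    gaps = []
    for proto in ("tcp", "udp"):
        merged = merge((lo, hi) for p, lo, hi in allow_rules if p == proto)
        covered = lambda lo, hi: any(a <= lo and hi <= b for a, b in merged)
        for port, traffic in sorted(FIXED[proto].items()):
            if not covered(port, port):
                gaps.append((proto, str(port), traffic))
        lo, hi = DYNAMIC[dc_os]
        if not covered(lo, hi):
            gaps.append((proto, f"{lo}-{hi}", "dynamic RPC"))
    return gaps

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "2008"))
```

Pass "2003" or "2008" according to the domain controller operating system; a dynamic range counts as covered only when the merged rules allow every port in it.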