Ports and Network Resources Reference
Check this reference and ensure your firewall is configured to allow inbound and outbound connections to the following ports. This port configuration is essential to product operability since it facilitates data collection, acquisition, and transmission between the product components and audit sources.
QUICK TIP: Need a quick recap of how the firewall works? For successful data transmission through a firewall, the sender computer should be allowed to transfer data (outbound connection) to a specific port on a remote computer. On the other side, the receiver computer should be configured to allow traffic (inbound connection) to the same local port. The best practice is to keep all inbound connections under supervision and not to open ports unless necessary.

- Start the Windows Firewall with Advanced Security.
- On the left, specify the type of rule you want to create (inbound or outbound), right-click the section, and select New Rule.
- Complete the wizard as follows:
  - On the Rule Type step, specify Port.
  - On the Ports and Protocols step, select the protocol type (TCP or UDP). Depending on the rule you create, specify the port number in Specific local ports or Specific remote ports, respectively.
  - On the Action step, select Allow the connection.
  - On the Profile step, specify when this rule should be in use (within your corporate domain, private network, or public network).
  - On the Name step, enter the name and description explaining the rule.
- Ensure the newly created rule is enabled.
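The wizard steps above can also be scripted. The following is an added example, not part of the original Cygna documentation: it creates the rules from the Cygna Platform table in this reference using the built-in NetSecurity cmdlets. The rule names, the 'Cygna' group label, and the Domain profile choice are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: firewall rules for the host running the Cygna platform,
# taken from the "Cygna Platform" table in this reference.
# Rule names, the 'Cygna' group label and the Domain profile are assumptions.

$rules = @(
    @{ Name = 'Cygna - IIS (HTTP/HTTPS)';    Direction = 'Inbound';  Ports = @('80', '443'); Note = 'IIS' }
    @{ Name = 'Cygna - Entitlement servers'; Direction = 'Outbound'; Ports = @('6656');      Note = 'Interaction with Cygna Entitlement servers' }
    @{ Name = 'Cygna - Online help (HTTPS)'; Direction = 'Outbound'; Ports = @('443');       Note = 'Access to online help at docs.cygnalabs.com' }
    @{ Name = 'Cygna - SQL Server storage';  Direction = 'Outbound'; Ports = @('1433');      Note = 'Interaction with SQL Server-based data storage' }
)

foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Exists:  $($r.Name)"
        continue
    }

    $params = @{
        DisplayName = $r.Name
        Description = $r.Note
        Group       = 'Cygna'
        Direction   = $r.Direction
        Protocol    = 'TCP'
        Action      = 'Allow'
        Profile     = 'Domain'
        Enabled     = 'True'
    }

    # Inbound rules match the local listening port; outbound rules match the remote port.
    if ($r.Direction -eq 'Inbound') { $params.LocalPort = $r.Ports } else { $params.RemotePort = $r.Ports }

    New-NetFirewallRule @params | Out-Null
    Write-Host "Created: $($r.Name)"
}

# Review the resulting rules and confirm each one is enabled.
Get-NetFirewallRule -Group 'Cygna' |
    Format-Table DisplayName, Direction, Action, Enabled, Profile
```

Outbound allow rules only change behavior where the profile's default outbound action is Block. Adding `-RemoteAddress` with the addresses of your entitlement and SQL servers narrows each outbound rule to those hosts.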
Cygna Platform
The server or workstation where the Cygna platform is deployed should be configured to allow the following connections.
CONNECTION | PORT LOCATION | PROTOCOL | PORT | REQUIRED FOR |
---|---|---|---|---|
Inbound | Local | TCP | 80 (http), 443 (https) | IIS |
Outbound | Remote | TCP (HTTP/2) | 6656 | Interaction with Cygna Entitlement servers. |
Outbound | Remote | TCP | 443 (https) | Access to Cygna Auditor online help at docs.cygnalabs.com. |
Outbound | Remote | TCP | 1433 | Interaction with SQL Server-based data storage. |
Entitlement and Security Server
The server that collects entitlement data should be configured to allow the following connections.
CONNECTION | PORT LOCATION | PROTOCOL | PORT | REQUIRED FOR |
---|---|---|---|---|
Inbound | Local | TCP (HTTP/2) | 6656 | Interaction with Cygna platform. |
Outbound | Remote | TCP | 389 | Domain LDAP |
Outbound | Remote | TCP | 3268 | Global catalog LDAP |
Outbound | Remote | TCP | 636 | Domain LDAP over SSL (LDAPS) |
Outbound | Remote | TCP | 3269 | Global catalog LDAP over SSL (LDAPS) |
Database server
The server where the entitlement database is located should be configured to allow the following connections.
CONNECTION | PORT LOCATION | PROTOCOL | PORT | REQUIRED FOR |
---|---|---|---|---|
Inbound | Local | TCP | 1433 (default instance), dynamic (named instance) | Interaction with Cygna platform. |
Active Directory DCs
Domain controllers in the Active Directory domain you want to query for entitlement and user assignment data should be configured to allow the following connections.
CONNECTION | PORT LOCATION | PROTOCOL | PORT | REQUIRED FOR |
---|---|---|---|---|
Inbound | Local | TCP | 389 | Domain LDAP |
Inbound | Local | TCP | 3268 | Global catalog LDAP |
Inbound | Local | TCP | 636 | Domain LDAP over SSL (LDAPS) |
Inbound | Local | TCP | 3269 | Global catalog LDAP over SSL (LDAPS) |