Source port in firewall rule for External Systems connecting CA components

  • 1.  Source port in firewall rule for External Systems connecting CA components

    Posted 04-13-2019 05:04 AM

    Hello Everyone,

     

    We need to create inbound rules in the firewall for external applications connecting to CA components like IDM, SiteMinder and Advanced Authentication. I need to know what the source port will be when the external applications connect to these CA components, so that we can provide it in the firewall rule. Is the source port random?

     

    Thanks,

    Ankur



  • 2.  Re: Source port in firewall rule for External Systems connecting CA components

    Posted 04-15-2019 02:23 AM

    Hi,

     

    Usually, in the Client - Server model, the client uses a random port
    and the server uses a determined one.

     

    So on SiteMinder, the clients:

    - browser
    - agent (including embedded agent of components like AdminUI)

     

    use a random client port.

     

    About SiteMinder services ports:

     

    Basically, with no specific additional options, these will be
    needed:

     

    - Policy Server: 44441, 44442, 44443, 44447, 44448, 44449, 44450
    - CA Access Gateway (SPS): 80, 443, 8080, 543, 8005, 8009
    - Web Agent and Web Server: 80, 443
    - AdminUI: 8080, 8443

     

    Firewall settings
    https://docops.ca.com/ca-single-sign-on/12-8/en/installing/install-a-policy-server/install-policy-server-on-windows

     

    Configure OneView Monitor Port Numbers
    https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/configure-oneview-monitor-port-numbers

     

    CA Access Gateway Configuration
    https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/ca-access-gateway-configuration

     

    Policy Server Configuration
    https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/policy-server-configuration

     

    Hope this helps,

    Patrick
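
The point made in the reply above, as an added example that is not part of the original thread or of any CA product: a small default-deny rule evaluator showing that a rule which pins the client's source port drops legitimate agent traffic, while a rule that matches the fixed destination port and restricts the source address works. The `Rule` class, the `192.0.2.0/24` agent subnet and the sample connections are constructed for illustration; only the Policy Server ports 44441-44443 come from the reply.

```python
"""Added example: why an inbound rule must not pin the client's source port."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src_net: str                     # who may connect (CIDR)
    dst_port: int                    # fixed server-side listening port
    src_port: Optional[int] = None   # None means "any source port"

    def matches(self, src_ip, src_port, dst_port):
        return (ip_address(src_ip) in ip_network(self.src_net)
                and dst_port == self.dst_port
                and self.src_port in (None, src_port))

def allowed(rules, conn):
    """Default deny: a connection passes only if some rule matches it."""
    return any(r.matches(*conn) for r in rules)

# Policy Server ports taken from the reply above.
POLICY_SERVER_PORTS = (44441, 44442, 44443)
AGENT_NET = "192.0.2.0/24"   # constructed documentation subnet (assumption)

# Mistaken rule set: source port pinned to the same value as the destination.
PINNED = [Rule(AGENT_NET, p, src_port=p) for p in POLICY_SERVER_PORTS]
# Working rule set: any source port, source address restricted instead.
ANY_SRC_PORT = [Rule(AGENT_NET, p) for p in POLICY_SERVER_PORTS]

# Constructed sample connections: (src_ip, src_port, dst_port).
# Source ports are typical OS-assigned ephemeral values.
SAMPLE = [
    ("192.0.2.10", 49731, 44441),    # agent -> Policy Server
    ("192.0.2.10", 49732, 44442),    # same agent, new connection, new port
    ("192.0.2.11", 58214, 44443),    # second agent
    ("198.51.100.7", 51000, 44441),  # host outside the agent subnet
    ("192.0.2.10", 50112, 22),       # port not listed for the Policy Server
]

def evaluate(rules):
    """Return the allow/deny verdict for every sample connection."""
    return [allowed(rules, c) for c in SAMPLE]

if __name__ == "__main__":
    rows = zip(SAMPLE, evaluate(PINNED), evaluate(ANY_SRC_PORT))
    for conn, pinned, any_port in rows:
        print(conn, "pinned:", pinned, "any-src-port:", any_port)
```
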