### Required Open Ports
| Port | Protocol | Service/Application |
|------|----------|---------------------|
| 22 | TCP | SSH (Secure Shell) |
| 123 | UDP | NTP (Time Sync) |
| 443 | TCP | HTTPS |
| 1645 | UDP | RADIUS Auth |
| 1646 | UDP | RADIUS Accounting |
| 1812 | UDP | RADIUS Auth |
| 1813 | UDP | RADIUS Accounting |
| 5432 | TCP | PostgreSQL DB |
| 5433 | TCP | Insight DB & TipsLog |
To manage or filter network traffic for the additional ports used by ClearPass features, you need to create matching firewall rules. The table below summarizes those ports, protocols, and services for use when configuring your firewall:
---
### ClearPass Additional Ports and Protocols
| Port(s) | Protocol | Service | Used by | Description |
|---------|----------|---------|---------|--------------|
| **443** | TCP | HTTPS | ClearPass UI | Management Station & Guest Portal |
| **22** | TCP | SSH | ClearPass | Secure Shell access |
| **443** | TCP | HTTP (not recommended) | Guest Portal | Can be configured if needed |
| **443** | TCP | HTTPS | Update Service | ClearPass Update Server |
| **443** | TCP | HTTPS | OnGuard Agent | Endpoints |
| **6658** | TCP | (Recommended to be open) | OnGuard to CPPM | Endpoints communication |
| **7432** | TCP | Diagnostics | Cluster Diagnostics | Clusters |
| **3799** | TCP/UDP | RADIUS CoA (RFC3576) | NAS Devices | AAA Services |
| **49** | TCP/UDP | TACACS | NAS Devices | Terminal Access Controller Access-Control System |
| **ICMP** | ICMP | Echo (ping) | Domain Join, AD communication | Between ClearPass and Active Directory |
| **389** | TCP/UDP | LDAP | AD Servers | Directory services |
| **636** | TCP/UDP | LDAP over SSL | AD Servers | Secure LDAP |
| **445** | TCP/UDP | NetLogon | AD Servers | Windows Authentication |
| **49152-65535** | TCP | SMBv2/v3 RPC | AD Servers | High TCP ports for SMB |
| **1025-5000** | TCP | SMBv1 RPC | AD Servers | Low TCP ports for SMB |
| **88** | UDP | Kerberos Authentication | AD Servers | Authentication protocol |
| **464** | TCP | Password Change | AD Servers | Kerberos password change |
| **139** | TCP | AD Auth test from CLI | AD Servers | Diagnostic |
| **161** | UDP | SNMP Read/Write | Endpoints | Management & Monitoring |
| **162** | UDP | SNMP Traps | Endpoints | Alerts & notifications |
| **135** | TCP | WMI Scan | Endpoints | Windows Management Instrumentation |
| **25** | TCP | SMTP | SMTP Servers | Email sending |
| **465** | TCP | SMTP Secure | SMTP Servers | Secured email sending |
| **53** | TCP/UDP | DNS | DNS Servers | Name resolution |
| **67** | UDP | DHCP | Network | DHCP service |
| **2055** | UDP | DHCP Snooper | Network | DHCP monitoring |
| **6343** | UDP | sFlow collector | Network | Traffic sampling |
| **514** | UDP | Ingress Events | Network | Event logging |
| **2083** | TCP | RadSec | RADIUS | Secure RADIUS communication |
---
### Recommendations:
- Open only the necessary ports based on your environment.
- Match the protocol in each rule to the service; for example, prefer UDP for SNMP and DNS, and TCP for management and directory services.
- For security, restrict access to these ports to specific IP addresses or networks where applicable.
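
The recommendations above can be checked against a rule set before it is deployed. The following is an added example, not code from this page or from Aruba/HPE: it audits a list of allow rules against the "Required Open Ports" table, flagging ports outside the table, any-source rules, and overly wide sources. The `SENSITIVE` set, the 256-address threshold, and the sample rules are assumptions made for this example.

```python
import ipaddress

# (port, protocol) -> service, copied from the "Required Open Ports" table.
REQUIRED = {
    (22, "tcp"): "SSH", (123, "udp"): "NTP", (443, "tcp"): "HTTPS",
    (1645, "udp"): "RADIUS Auth", (1646, "udp"): "RADIUS Accounting",
    (1812, "udp"): "RADIUS Auth", (1813, "udp"): "RADIUS Accounting",
    (5432, "tcp"): "PostgreSQL DB", (5433, "tcp"): "Insight DB & TipsLog",
}
# Assumption (not from the page): ports treated as management/database access.
SENSITIVE = {(22, "tcp"), (5432, "tcp"), (5433, "tcp")}


def audit(rules):
    """Return (findings, missing). findings is a list of (rule_index, message);
    missing is the sorted list of required (port, proto) pairs no rule covers."""
    findings, covered = [], set()
    for i, rule in enumerate(rules):
        key = (rule["port"], rule["proto"].lower())
        src = ipaddress.ip_network(rule["src"], strict=False)
        if key not in REQUIRED:
            findings.append((i, f"{key[0]}/{key[1]} is not in the required-ports table"))
            continue
        covered.add(key)
        if src.prefixlen == 0:
            # "Restrict access to specific IP addresses or networks"
            findings.append((i, f"{REQUIRED[key]} is open to any source"))
        elif key in SENSITIVE and src.num_addresses > 256:
            findings.append((i, f"{REQUIRED[key]} source {src} spans more than 256 addresses"))
    return findings, sorted(set(REQUIRED) - covered)


# Constructed sample allow rules (addresses are illustrative only).
SAMPLE_RULES = [
    {"src": "10.10.0.0/24", "port": 22, "proto": "tcp"},
    {"src": "0.0.0.0/0", "port": 443, "proto": "tcp"},
    {"src": "10.0.0.0/8", "port": 5432, "proto": "tcp"},
    {"src": "10.20.0.0/16", "port": 1812, "proto": "udp"},
    {"src": "10.20.0.0/16", "port": 1813, "proto": "udp"},
    {"src": "10.10.0.5/32", "port": 23, "proto": "tcp"},
]

if __name__ == "__main__":
    findings, missing = audit(SAMPLE_RULES)
    for idx, msg in findings:
        print(f"rule {idx}: {msg}")
    for port, proto in missing:
        print(f"no rule covers required {port}/{proto} ({REQUIRED[(port, proto)]})")
```

An any-source finding on 443 may be intentional for a public guest portal; treat it as an item to confirm rather than an automatic failure.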
### See also
https://arubanetworking.hpe.com/techdocs/ClearPass/6.11/PolicyManager/Content/Deploy/About%20ClearPass/Accessing_ClearPass.htm