Network Ports Overview
The PAM - Self-Hosted components communicate through a variety of ports, which ensure that all their communication is secure and conforms to the patented CyberArk protocol.
Network Port Definitions for CyberArk Components
The following tables list the network port definitions for each component in relation to the PAM - Self-Hosted components and managed devices.
Source / Target | Vault | DR | CPM | PVWA |
---|---|---|---|---|
Vault | û | TCP/1858 [1] | û | û |
Disaster Recovery Vault (DR) | TCP/1858 [1] | û | û | û |
Central Policy Manager (CPM) | TCP/1858 [1] | TCP/1858 [1] | û | TCP/443 |
Password Vault Web Access (PVWA) | TCP/1858 [1] | TCP/1858 [1] | û | û |
Privileged Session Manager (PSM) | TCP/1858 [1] | TCP/1858 [1] | û | TCP/443 |
Privileged Session Manager for SSH (PSM for SSH) | TCP/1858 [1] | TCP/1858 [1] | û | TCP/443 |
Credential Provider | TCP/1858 [1] | TCP/1858 [1] | û | û |
On-Demand Privileges Manager (OPM) | TCP/1858 [1] | TCP/1858 [1] | û | û |
Privileged Threat Analytics (PTA) | TCP/1858 | TCP/1858 | û | TCP/80 |
User (Administrator) | TCP/1858 [1]; opt. Remote Administration [2] | TCP/1858 [1]; opt. Remote Administration [2] | TCP/3389 | TCP/80 |

Source / Target | PSM | Credential Provider | OPM | SMTP Server | Manage/Access Target Devices, e.g. Server, Router, … |
---|---|---|---|---|---|
Vault | û | û | û | TCP/25 | û |
Disaster Recovery Vault (DR) | û | û | û | TCP/25 | û |
Central Policy Manager (CPM) | û | û | û | û | See footnotes below [3] |
Password Vault Web Access (PVWA) | û | û | û | û | û |
Privileged Session Manager (PSM) | û | û | û | û | TCP/3389 or TCP/22 |
Privileged Session Manager for SSH (PSM for SSH) | û | û | û | û | TCP/22 [1] |
Privileged Session Manager HTML5 gateway | TCP/3389 | û | û | û | û |
Credential Provider | û | û | û | û | û |
On-Demand Privileges Manager (OPM) | û | û | û | û | û |
User (Administrator) | TCP/443 | û | û | û | TCP/22, TCP/3389, etc. [4] |

_________________________________
û – Not relevant
[1] Default port. This can be changed, e.g. to TCP/443.
[2] Remote Administration Boards, e.g. HP iLO, IBM RSA, Dell DRAC, etc.; for virtualized environments, allow access to the VM Server.
[3] Refer to Standard Ports and Protocols.
[4] Depending on devices managed through direct access (Administrators' Workstations to target devices).
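As an added example (not CyberArk code), the following Python turns part of the matrix above into an allowlist and checks flow records against it, so that traffic the tables mark as not relevant shows up as a finding. The flow-record format, the host inventory, the role names `Target` and `SMTP`, and the function names are assumptions made for illustration; the roles covered are Vault, DR, CPM, PVWA and PSM.

```python
VAULT_CLIENTS = ["CPM", "PVWA", "PSM"]  # components encoded here (assumed scope)

def build_matrix(vault_port=1858):
    """(source role, target role) -> allowed 'PROTO/port' set, per the tables above."""
    vp = f"TCP/{vault_port}"  # footnote [1]: the default Vault port can be changed
    m = {("Vault", "DR"): {vp}, ("DR", "Vault"): {vp}}
    for role in VAULT_CLIENTS:
        m[(role, "Vault")] = {vp}
        m[(role, "DR")] = {vp}
    m[("CPM", "PVWA")] = {"TCP/443"}
    m[("PSM", "PVWA")] = {"TCP/443"}
    m[("PSM", "Target")] = {"TCP/3389", "TCP/22"}
    m[("Vault", "SMTP")] = {"TCP/25"}
    m[("DR", "SMTP")] = {"TCP/25"}
    return m

def audit(flow_lines, inventory, vault_port=1858):
    """Return (line, reason) for every flow record the matrix does not permit."""
    matrix, findings = build_matrix(vault_port), []
    for line in flow_lines:
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            findings.append((line, "malformed record"))
            continue
        src, dst, proto, dport = parts
        s_role, d_role = inventory.get(src), inventory.get(dst)
        flow = f"{proto.upper()}/{int(dport)}"
        if s_role is None or d_role is None:
            findings.append((line, "host not in inventory"))
        elif flow not in matrix.get((s_role, d_role), set()):
            findings.append((line, f"{s_role} -> {d_role} not allowed on {flow}"))
    return findings

# Constructed inventory and flow records (documentation addresses, not real hosts).
INVENTORY = {"192.0.2.10": "Vault", "192.0.2.11": "DR", "192.0.2.20": "CPM",
             "192.0.2.30": "PVWA", "192.0.2.40": "PSM", "192.0.2.50": "Target",
             "192.0.2.60": "SMTP"}
FLOWS = [
    "192.0.2.20 192.0.2.10 tcp 1858",    # CPM -> Vault, allowed
    "192.0.2.40 192.0.2.30 tcp 443",     # PSM -> PVWA, allowed
    "192.0.2.40 192.0.2.50 tcp 3389",    # PSM -> target device, allowed
    "192.0.2.30 192.0.2.20 tcp 443",     # PVWA -> CPM, not relevant in the table
    "192.0.2.10 192.0.2.30 tcp 443",     # Vault -> PVWA, not relevant in the table
    "192.0.2.10 192.0.2.60 tcp 25",      # Vault -> SMTP, allowed
    "198.51.100.7 192.0.2.10 tcp 1858",  # source missing from the inventory
]

if __name__ == "__main__":
    for line, reason in audit(FLOWS, INVENTORY):
        print(f"{reason}: {line}")
```

If the Vault port has been changed as footnote [1] allows, pass the configured value as `vault_port` so that flows on the old default are reported.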
Network Port Definitions for Third Party Components
The following tables list the network port definitions for various third party components that communicate with the PAM - Self-Hosted components.
Source / Optional Target | LDAP/S | RADIUS | RSA SecurID |
---|---|---|---|
Vault | TCP/389 or TCP/636 | UDP/1812 UDP/1813 | UDP/5500 UDP/5560 |
Disaster Recovery Vault (DR) | TCP/389 or TCP/636 | UDP/1812 UDP/1813 | UDP/5500 UDP/5560 |
Central Policy Manager (CPM) | û | û | û |
Password Vault Web Access (PVWA) | û | û | û |
Privileged Session Manager (PSM) | û | û | û |
Privileged Session Manager for SSH (PSM for SSH) | û | û | û |
Credential Provider | û | û | û |
On-Demand Privileges Manager (OPM) | û | û | û |
User (Administrator) | û | û | û |

Source / Optional Target | Backup | Syslog | NTP | SNMP |
---|---|---|---|---|
Vault | Depending on backup software used | TLS/514 TCP/514 UDP/514 | UDP/123 | UDP/161 |
Disaster Recovery Vault (DR) | Depending on backup software used | TLS/514 TCP/514 UDP/514 | UDP/123 | UDP/161 |
Central Policy Manager (CPM) | û | û | UDP/123 | û |
Password Vault Web Access (PVWA) | û | û | UDP/123 | û |
Privileged Session Manager (PSM) | û | û | UDP/123 | û |
Privileged Session Manager for SSH (PSM for SSH) | û | û | UDP/123 | û |
Credential Provider | û | û | û | û |
On-Demand Privileges Manager (OPM) | û | û | û | û |
User (Administrator) | û | û | û | û |