Standard Ports used for Accounts Discovery

The CyberArk CPM Scanner uses the following ports to discover accounts and SSH keys on remote machines:

Port                Use case
22                  To connect to target machines using SSH. This port can be changed with the SSHPort parameter in the CACPMScanner.exe.config file.
88                  Kerberos KDC services (only relevant to domain controllers). This port must be accessible through both network-based and host-based firewalls.
135, 137, 138, 139  To connect to target machines using RPC (135, the endpoint mapper) and NetBIOS (137 and 138 over UDP, 139 over TCP). These ports must be accessible on host-based firewalls.
389                 To connect to target machines using the LDAP service (only relevant to domain controllers). This port must be accessible through both network-based and host-based firewalls.
636                 To connect to target machines using the LDAPS service (only relevant to domain controllers). This port must be accessible through both network-based and host-based firewalls.
445                 To connect to target machines using SMB over TCP. This port must be accessible on host-based firewalls.
4431                To discover SSH keys on Windows machines without Cygwin. This port is not configurable.
49154               To view and administer Scheduled Tasks on the remote machine.
49155, 49156        To get the list of services from the remote machine.

  • Make sure that ICMP is not blocked on the CPM machine's firewall or elsewhere in your environment.

  • The Scanner must be able to resolve the domain name in order to fetch information about domain accounts found during the scan.

  • Ports 49154, 49155 and 49156 fall in the default Windows dynamic RPC range (49152-65535) and are assigned by the RPC endpoint mapper on port 135, so the exact ports a given target uses can differ from the ones listed here; allow the endpoint mapper and the dynamic range rather than only these three ports.
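The following pre-flight script is an added example, not part of CyberArk's documentation or the CPM Scanner itself. Run on the CPM machine, it probes every TCP port in the table above against one discovery target, checks the ICMP and DNS requirements from the notes, and exits non-zero if anything is blocked. The script name, parameter names and the target and domain values are illustrative assumptions; it relies only on the standard Windows cmdlets Test-NetConnection, Test-Connection and Resolve-DnsName (Windows PowerShell 5.1 or later).

```powershell
# Added example, not CyberArk's code: reachability pre-flight for the CPM Scanner.
# Assumes Windows PowerShell 5.1+ with the NetTCPIP and DnsClient modules.
# Usage (hypothetical names): .\Test-CpmScannerReachability.ps1 -Target srv01.corp.example -Domain corp.example -IsDomainController
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $Target,   # hostname or IP of the machine to be scanned
    [string] $Domain,                          # AD domain the Scanner must resolve for domain accounts (optional)
    [int]    $SshPort = 22,                    # keep in step with SSHPort in CACPMScanner.exe.config
    [switch] $IsDomainController               # also probe the DC-only ports 88, 389, 636
)

# TCP ports from the table. 137 and 138 are UDP and cannot be probed with
# Test-NetConnection, so NetBIOS is represented by its TCP session port 139.
$checks = @(
    [pscustomobject]@{ Port = $SshPort; Use = 'SSH (SSHPort in CACPMScanner.exe.config)' }
    [pscustomobject]@{ Port = 135;      Use = 'RPC endpoint mapper' }
    [pscustomobject]@{ Port = 139;      Use = 'NetBIOS session service (137/138 UDP not probed)' }
    [pscustomobject]@{ Port = 445;      Use = 'SMB over TCP' }
    [pscustomobject]@{ Port = 4431;     Use = 'SSH key discovery on Windows without Cygwin' }
    [pscustomobject]@{ Port = 49154;    Use = 'Scheduled Tasks (dynamic RPC range)' }
    [pscustomobject]@{ Port = 49155;    Use = 'Service list (dynamic RPC range)' }
    [pscustomobject]@{ Port = 49156;    Use = 'Service list (dynamic RPC range)' }
)
if ($IsDomainController) {
    $checks += [pscustomobject]@{ Port = 88;  Use = 'Kerberos KDC' }
    $checks += [pscustomobject]@{ Port = 389; Use = 'LDAP' }
    $checks += [pscustomobject]@{ Port = 636; Use = 'LDAPS' }
}

$failed = 0

# ICMP: the notes require echo requests from the CPM machine to reach the target.
$icmpOk = Test-Connection -ComputerName $Target -Count 1 -Quiet -ErrorAction SilentlyContinue
$icmpText = if ($icmpOk) { 'OK' } else { 'BLOCKED' }
Write-Host "ICMP echo to ${Target}: $icmpText"
if (-not $icmpOk) { $failed++ }

# DNS: domain accounts found during the scan are only enriched if the domain name resolves.
if ($Domain) {
    try {
        $null = Resolve-DnsName -Name $Domain -ErrorAction Stop
        Write-Host "DNS resolution of ${Domain}: OK"
    } catch {
        Write-Host "DNS resolution of ${Domain}: FAILED ($($_.Exception.Message))"
        $failed++
    }
}

# TCP: one connect attempt per port. TcpTestSucceeded is $false when a network or
# host firewall drops or rejects the connection, or when nothing listens there.
$results = foreach ($c in $checks) {
    $tnc = Test-NetConnection -ComputerName $Target -Port $c.Port -WarningAction SilentlyContinue
    $status = if ($tnc.TcpTestSucceeded) { 'OPEN' } else { 'CLOSED/FILTERED' }
    if (-not $tnc.TcpTestSucceeded) { $failed++ }
    [pscustomobject]@{ Port = $c.Port; Use = $c.Use; Result = $status }
}
$results | Sort-Object Port | Format-Table -AutoSize

# 49154-49156 lie in the default Windows dynamic RPC range (49152-65535) and are handed
# out by the endpoint mapper on 135, so CLOSED there can mean the target allocated other
# ports rather than a firewall problem; confirm against the target's firewall log.
if ($failed -gt 0) {
    Write-Host "$failed check(s) failed; review firewall rules before running the Scanner."
    exit 1
}
Write-Host 'All reachability checks passed.'
```

Run it once per representative target class (a member server, a domain controller with -IsDomainController, a Windows host that lacks Cygwin for port 4431) before enabling discovery, and keep -SshPort aligned with whatever SSHPort is set to in CACPMScanner.exe.config.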