IMPORTANT: Ports 443 and 80 are used inside the Advanced Authentication Server appliance and cannot be changed.
Port forwarding is supported but is not recommended, because it makes the entire appliance available from the Internet. It is recommended to use a reverse proxy instead and map only specific URLs.
Advanced Authentication Server Appliance uses the following RFC standard ports by default:
| Service | Port | Protocol | Usage |
|---|---|---|---|
| REST | 443 | HTTPS | All Communications |
| Administrative portal, Self-Service portal, Helpdesk portal, Reporting portal | 443 | HTTPS | All Communications (<AAServer>/admin, <AAServer>/account, <AAServer>/helpdesk, <AAServer>/report) |
| Server Update | 443 | HTTPS | Update channel: appliance - update server (repo.authasas.com) |
| Database replication | 5432: This port is required only for the installation of a new DB Server. Then the port must be closed. | TCP, UDP | Database replication between DB servers |
| Database replication | 8080 | TCP, UDP | Database replication between DB servers |
| DNS | 53 | TCP, UDP | DNS |
| NTP | 123 | UDP | NTP, used for time synchronization |
| LDAP | 389 | TCP, UDP | LDAP (if used with repository) |
| LDAPS | 636 | TCP, UDP | LDAP over TLS/SSL (if used with repository) |
Advanced Authentication Server Appliance uses the following ports, which are required for the different methods:
| Service | Port | Protocol | Usage |
|---|---|---|---|
| RADIUS | 1812 | TCP, UDP | Authentication |
| RADIUS | 1813 | TCP, UDP | Accounting |
| E-Mail Service | Variable | SMTP | E-Mail Traffic |
| Voice Call Service | Variable | HTTPS | All Communications (<AAServer>/twilio/status, <AAServer>/twilio/gather) |
| Smartphone | Variable | HTTPS | All Communications (<AAServer>/smartphone) |
| Smartphone Push Service | 443 | HTTPS | Communication between AAF and proxy.authasas.com (push service) |
| SMS | Variable | HTTPS | Communication to a used SMS service |
| Swisscom Mobile ID | Variable | HTTPS | Communication to the specified Swisscom Mobile ID service URL |
| Voice OTP Service | Variable | HTTPS | All Communications (<AAServer>/twilio/otp) |
IMPORTANT: Any port can be used when reverse proxying, e.g. https://dnsname:888/smartphone. In this example the reverse proxy redirects port 888 to port 443 internally on the appliance: port 888 is used from outside, but port 443 is used inside the appliance.
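
The reverse proxy mapping described above can be expressed as the following nginx server block. This is an added example, not configuration supplied with the product. Assumptions: nginx is the reverse proxy, `aaserver.internal.example` is a placeholder for the appliance's internal address, the certificate paths are placeholders, and the smartphone and Twilio callback paths from the table are the only URLs published externally.

```nginx
# Added example: publish only selected Advanced Authentication URLs on
# external port 888 and forward them to the appliance on port 443.
# Hostnames and file paths below are placeholders, not product defaults.
server {
    listen 888 ssl;
    server_name dnsname;                          # external name, as in https://dnsname:888/smartphone

    ssl_certificate     /etc/nginx/tls/dnsname.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/dnsname.key;   # placeholder path

    # Only the paths listed in the port table for external callers are mapped:
    #   /smartphone, /twilio/status, /twilio/gather, /twilio/otp
    location ~ ^/(smartphone|twilio/(status|gather|otp))(/|$) {
        # No URI part after the host, so the request path is passed unchanged.
        proxy_pass https://aaserver.internal.example:443;

        # Verify the appliance certificate instead of trusting any upstream.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/aaserver-ca.pem;  # placeholder path
        proxy_ssl_server_name         on;

        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }

    # Everything else, including /admin, /account, /helpdesk and /report,
    # is not reachable through this listener.
    location / {
        return 404;
    }
}
```

With this mapping the administrative, self-service, helpdesk and reporting portals stay reachable only from the internal network, which is the difference from plain port forwarding.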