Communication ports used by RCDevs products
Ports LDAP SQL Traffic Firewall Radius SMTP

Download PDF

Overview

This documentation demonstrates ports and protocols used by RCDevs products between different components.

1. Communication Ports used by RCDevs Products

1.1 WebADM prior to version 2

1.2 WebADM from version 2

2. WebADM Cluster Ports

At RCDevs Hardening Guide - 5.5 HA Cluster Firewall Rules is an example of the iptables firewall rules for a high availability cluster with 4 nodes.

3. Incoming and Outgoing Traffic per Product

Product	Incoming	Outgoing
WebADM Master (PKI role) & Web Services	SSH TCP 22, Session Server TCP 4000, SOAP TCP 8443, HTTPS 443, PKI TCP 5000	Session Server TCP 4000 to WebADM Slave, LDAPS 389 or 636, SQL 3306, before v2: Licenses service TCP 7001 to license.rcdevs.com, before v2: Push service TCP 7000 to push.rcdevs.com, from v2: Cloud services TCP 443 to cloud.rcdevs.com, SMTP port to your mail server
WebADM Slave (PKI client) & Web Services	SSH TCP 22, Session Server __TCP 4000__ SOAP TCP 8443, HTTPS 443	Session Server TCP 4000 to WebADM Master, LDAPS 389 or 636, SQL 3306, PKI TCP 5000 to WebADM Master, before v2: Licenses service TCP 7001 to license.rcdevs.com, before v2: Push service TCP 7000 to push.rcdevs.com, from v2: Cloud services TCP 443 to cloud.rcdevs.com, SMTP port to your mail server
Radius Bridge	UDP 1812	TCP 8443 to WebADM
LDAP Bridge	LDAPS 389 or 636	TCP 8443 to WebADM(s) 389 or 636 to LDAP server(s)
WA Proxy	HTTPS 443, HTTPS 8443 (only if publish_websrvs is enabled)	HTTPS 443 to WebADM, SOAP TCP 8443 to WebADM web services (only if publish_websrvs is enabled)
SpanKey Client	SSH TCP 22	SOAP TCP 8443 to SpanKey Web Service
Windows Plugins	X	SOAP TCP 8443 to OpenOTP Web service
PAM OpenOTP plugin	UNIX SOCKET	SOAP TCP 8443 to OpenOTP Web service
SQL Replication	TCP 3306	TCP 3306
OpenLDAP Replication	LDAPS 389 or 636	LDAPS 389 or 636
Secure Password Reset	X	HTTPS 443 to https://haveibeenpwned.com/api/ URL if Prevent Known Passwords setting is activated

4. Change default WebADM listener Ports

The proper way to change a WebADM default lister port is by creating the /opt/webadm/conf/webadm.env file. In that file, you can configure the following settings:

# Interface used
INTERFACE=1.2.3.4

# Apache standard port 
HTTP_PORT_STD=1080

# Apache SSL port
HTTP_PORT_SSL=1443

# Web Service standard port
SOAP_PORT_STD=2080

# Web Service SSL port
SOAP_PORT_SSL=2443

To take into account these changes, you have to restart your WebADM server(s).

If you need to change the PKI Server Port then follow this documentation RCDevs Hardening Guide - 7.2 Change Port.

This manual was prepared with great care. However, RCDevs S.A. and the author cannot assume any legal or other liability for possible errors and their consequences. No responsibility is taken for the details contained in this manual. Subject to alternation without notice. RCDevs S.A. does not enter into any responsibility in this respect. The hardware and software described in this manual is provided on the basis of a license agreement. This manual is protected by copyright law. RCDevs S.A. reserves all rights, especially for translation into foreign languages. No part of this manual may be reproduced in any way (photocopies, microfilm or other methods) or transformed into machine-readable language without the prior written permission of RCDevs S.A. The latter especially applies for data processing systems. RCDevs S.A. also reserves all communication rights (lectures, radio and television). The hardware and software names mentioned in this manual are most often the registered trademarks of the respective manufacturers and as such are subject to the statutory regulations. Product and brand names are the property of RCDevs S.A. © 2021 RCDevs SA, All Rights Reserved

Communication ports used by RCDevs products Ports LDAP SQL Traffic Firewall Radius SMTP Download PDF