Open port numbers on firewall
OneSpan Authentication Server uses several different ports to communicate (see Incoming ports used by OneSpan Authentication Server and Outgoing ports used by OneSpan Authentication Server). If these are blocked by a firewall, some features will not work correctly.
Before installing OneSpan Authentication Server, ensure that these ports are open and not in use. The Installation Wizard will issue a warning and halt the configuration process if any of these ports are unavailable.
We recommend using a software firewall on OneSpan Authentication Server and segmenting the OneSpan Authentication Server network with a hardware firewall.
Incoming ports
Incoming ports used by OneSpan Authentication Server
| Port description |
Default |
Protocol |
Configuration |
Source |
| SOAP |
8888 |
TCP |
Configuration Utility: Communicators > SOAP >
Port
|
- SOAP client
- Digipass Authentication for Windows Logon 2.x
- Digipass Authentication Module products
- Administration Web Interface
|
| RADIUS authentication |
1812 |
UDP |
Configuration Utility: Communicators > RADIUS
> Authentication Port
|
- RADIUS client
- RADIUS back-end server
|
| RADIUS accounting |
1813 |
UDP |
Configuration Utility: Communicators > RADIUS > Accounting Port
|
- RADIUS client
- RADIUS back-end server
|
| SEAL without SSL |
20003 |
TCP |
Configuration Utility: Communicators > SEAL > Port
|
- Tcl Command-Line Administration tool
- Replication from other OneSpan Authentication Server instances
|
| SEAL with SSL |
20004 |
TCP |
Configuration Utility: Communicators > SEAL > Port
|
Tcl Command-Line Administration tool
|
| Live audit |
20006 |
TCP |
Configuration Utility: Auditing > Live Audit Viewer > Port
|
Audit Viewer
|
| Apache Tomcat
|
8443
-OR-
9443
|
TCP |
Apache Tomcat configuration files (automatically during initial setup) |
Web browser clients
|
| MDC |
20007 |
TCP |
MDC Configuration Utility
|
Message Delivery Component (MDC)
|
Outgoing ports
Outgoing ports used by OneSpan Authentication Server
| Port description |
Default |
Protocol |
Configuration |
Destination |
| RADIUS Authentication |
1812 |
UDP |
Administration Web Interface: Back-end server records
> Authentication Port |
RADIUS back-end server |
| RADIUS Accounting |
1813 |
UDP |
Administration Web Interface: Back-end server records
> Accounting Port |
RADIUS back-end server |
| SEAL without SSL |
20003 |
TCP |
Configuration Utility: Replication > Destination Servers > {Server} >Port |
Replication to other OneSpan Authentication Server |
| SEAL with SSL |
20004 |
TCP |
Configuration Utility: Communicators > SEAL > Port |
OneSpan Authentication Server
|
| Database |
Specific to driver |
TCP |
ODBC driver |
ODBC database (when located on a separate server) |
|
LDAP
|
389 |
TCP |
Administration Web Interface: Back-end server records
> Port |
NetIQ eDirectory, IBM Security Directory Server, or Active Directory back-end servers |
| SNMP trap |
162 |
UDP |
Configuration Utility: System Monitoring > Targets > Port
|
SNMP trap receivers
|
| LDAPS |
636 |
TCP |
Back-end server records |
IBM Security Directory Server or Active Directory back-end servers |
| LDAPS GC |
3269 |
TCP |
Back-end server records |
Active Directory back-end servers |