Open port numbers on firewall

OneSpan Authentication Server uses several different ports to communicate (see Incoming ports used by OneSpan Authentication Server and Outgoing ports used by OneSpan Authentication Server). If these are blocked by a firewall, some features will not work correctly.

Before installing OneSpan Authentication Server, ensure that these ports are open and not in use. The Installation Wizard will issue a warning and halt the configuration process if any of these ports are unavailable.

We recommend using a software firewall on OneSpan Authentication Server and segmenting the OneSpan Authentication Server network with a hardware firewall.

Incoming ports

Incoming ports used by OneSpan Authentication Server
Port description Default Protocol Configuration Source
SOAP 8888 TCP

Configuration Utility: Communicators > SOAP > Port

  • SOAP client
  • Digipass Authentication for Windows Logon 2.x
  • Digipass Authentication Module products
  • Administration Web Interface
RADIUS authentication 1812 UDP

Configuration Utility: Communicators > RADIUS > Authentication Port

  • RADIUS client
  • RADIUS back-end server
RADIUS accounting 1813 UDP

Configuration Utility: Communicators > RADIUS > Accounting Port

  • RADIUS client
  • RADIUS back-end server
SEAL without SSL 20003 TCP

Configuration Utility: Communicators > SEAL > Port

  • Tcl Command-Line Administration tool
  • Replication from other OneSpan Authentication Server instances
SEAL with SSL 20004 TCP

Configuration Utility: Communicators > SEAL > Port

Tcl Command-Line Administration tool

Live audit 20006 TCP

Configuration Utility: Auditing > Live Audit Viewer > Port

Audit Viewer

Net-SNMP agent 161 UDP

Configuration Utility: SNMP > Port

OneSpan Authentication Server

Apache Tomcat

8443

-OR-

9443

TCP Apache Tomcat configuration files (automatically during initial setup)

Web browser clients

MDC 20007 TCP MDC Configuration Utility Message Delivery Component (MDC)

Outgoing ports

Outgoing ports used by OneSpan Authentication Server
Port description Default Protocol Configuration Destination
RADIUS Authentication 1812 UDP Administration Web Interface: Back-end server records > Authentication Port RADIUS back-end server
RADIUS Accounting 1813 UDP Administration Web Interface: Back-end server records > Accounting Port RADIUS back-end server
SEAL without SSL 20003 TCP Configuration Utility: Replication > Destination Servers > {Server} >Port Replication to other OneSpan Authentication Server
SEAL with SSL 20004 TCP Configuration Utility: Communicators > SEAL > Port OneSpan Authentication Server
Database Specific to driver TCP ODBC driver ODBC database (when located on a separate server)

LDAP

389 TCP Administration Web Interface: Back-end server records > Port NetIQ eDirectory, IBM Security Directory Server, or Active Directory back-end servers
SNMP trap 162 UDP

Configuration Utility: System Monitoring > Targets > Port

SNMP trap receivers

LDAPS 636 TCP Back-end server records IBM Security Directory Server or Active Directory back-end servers
LDAPS GC 3269 TCP Back-end server records Active Directory back-end servers