Open port numbers on firewall
OneSpan Authentication Server uses several different ports to communicate (see Table: Incoming ports used by OneSpan Authentication Server and Table: Outgoing ports used by OneSpan Authentication Server). If these are blocked by a firewall, some features will not work correctly.
We recommend using a software firewall on OneSpan Authentication Server and segmenting the OneSpan Authentication Server network with a hardware firewall.
Incoming ports
Table: Incoming ports used by OneSpan Authentication Server
| Port description |
Default |
Protocol |
Configuration |
Source |
| SOAP |
8888 |
TCP |
Configuration Utility: Communicators > SOAP >
Port
|
- SOAP client
- Digipass Authentication for Windows Logon 2.x
- Digipass Authentication Module products
- Administration Web Interface
|
| RADIUS authentication |
1812 |
UDP |
Configuration Utility: Communicators > RADIUS
> Authentication Port
|
- RADIUS client
- RADIUS back-end server
|
| RADIUS accounting |
1813 |
UDP |
Configuration Utility: Communicators > RADIUS > Accounting Port
|
- RADIUS client
- RADIUS back-end server
|
| SEAL without SSL |
20003 |
TCP |
Configuration Utility: Communicators > SEAL > Port
|
- Tcl Command-Line Administration tool
- Replication from other OneSpan Authentication Server instances
|
| SEAL with SSL |
20004 |
TCP |
Configuration Utility: Communicators > SEAL > Port
|
Tcl Command-Line Administration tool
|
| Live audit |
20006 |
TCP |
Configuration Utility: Auditing > Live Audit Viewer > Port
|
Audit Viewer
|
| Apache Tomcat
|
8443
-OR-
9443
|
TCP |
Apache Tomcat configuration files (automatically during initial setup) |
Web browser clients
|
| MDC |
20007 |
TCP |
MDC Configuration Utility
|
Message Delivery Component (MDC)
|
Outgoing ports
Table: Outgoing ports used by OneSpan Authentication Server
| Port description |
Default |
Protocol |
Configuration |
Destination |
| RADIUS Authentication |
1812 |
UDP |
Administration Web Interface: Back-end server records
> Authentication Port |
RADIUS back-end server |
| RADIUS Accounting |
1813 |
UDP |
Administration Web Interface: Back-end server records
> Accounting Port |
RADIUS back-end server |
| SEAL without SSL |
20003 |
TCP |
Configuration Utility: Replication > Destination Servers > {Server} >Port |
Replication to other OneSpan Authentication Server |
| SEAL with SSL |
20004 |
TCP |
Configuration Utility: Communicators > SEAL > Port |
OneSpan Authentication Server
|
| Database |
Specific to driver |
TCP |
ODBC driver |
ODBC database (when located on a separate server) |
|
LDAP
|
389 |
TCP |
Administration Web Interface: Back-end server records
> Port |
NetIQ eDirectory, IBM Security Directory Server, or Active Directory back-end servers |
| SNMP trap |
162 |
UDP |
Configuration Utility: System Monitoring > Targets > Port
|
SNMP trap receivers
|
| LDAPS |
636 |
TCP |
Back-end server records |
IBM Security Directory Server or Active Directory back-end servers |
| LDAPS GC |
3269 |
TCP |
Back-end server records |
Active Directory back-end servers |