| Connection | Protocol | Service | Function | Port |
|---|---|---|---|---|
| Outbound from Web Appliance to Management Appliance (if collocated) | TCP | SSH | Central configuration, status and reporting | 22 |
| Outbound from Appliance to LAN | UDP | DNS | DNS queries | 53 |
| Inbound from LAN to appliance | TCP | HTTP | administrative web interface | 80 |
| Inbound/outbound between appliance and AD server | TCP/UDP | KERBEROS | Kerberos authentication | 88 |
| Inbound/outbound between appliance and AD server | TCP/UDP | NETBIOS-SSN | MS NetBIOS session | 139 |
| Inbound/outbound between appliance and AD server | TCP/UDP | LDAP | Directory services synchronization | 389 |
| Inbound from LAN to appliance | TCP | HTTPS | administrative web interface | 443 |
| Inbound/outbound between appliance and AD server | TCP/UDP | SMB | MS server message block | 445 |
| Inbound/outbound between appliance and eDirectory server | TCP | LDAPS | LDAP synchronization | 636 |
| Inbound/outbound between appliance and AD server | TCP/UDP | MSGC | MS AD Global Catalog synchronization | 3268 |
| Inbound/outbound between LAN and appliance | TCP | HTTP/HTTPS | Proxy (end user web browsing) | 8080 |
New Web Appliance join produces an AD integration alert and blocks all users’ web access
Problem: When you join a new Web Appliance to a configured Management Appliance, the Web
Appliance raises an Active Directory integration alert, and web access is blocked for all of the
Web Appliance’s users.
Cause: The configuration data downloaded from the Management Appliance includes Active
Directory access configuration, but the firewall between the new Web Appliance and the Active
Directory server has not been configured to open the required ports.
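To confirm this cause before changing firewall rules, the TCP side of the AD ports in the table above can be probed from a host on the new Web Appliance's network segment. The script below is an added example, not part of the Sophos documentation; the AD server name is passed as an argument, the function names are illustrative, and only TCP is tested (the UDP side of these services is not covered).

```python
import socket
import sys

# TCP ports the table lists between the appliance and the AD server.
AD_TCP_PORTS = {
    88: "KERBEROS",
    139: "NETBIOS-SSN",
    389: "LDAP",
    445: "SMB",
    3268: "MSGC",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP port as open, refused, unresolved or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"     # host replied with RST: path is clear, nothing listening
    except socket.gaierror:
        return "unresolved"  # the name did not resolve; check DNS (UDP 53) first
    except OSError:
        return "filtered"    # timeout or unreachable: typical of a firewall drop

def check_ad_reachability(host, ports=AD_TCP_PORTS, timeout=3.0):
    """Probe every port and return {port: (service, state)} in port order."""
    return {port: (service, probe(host, port, timeout))
            for port, service in sorted(ports.items())}

def blocked(results):
    """Ports whose state is anything other than 'open'."""
    return [port for port, (_, state) in results.items() if state != "open"]

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ad_ports.py <ad-server-hostname-or-ip>")
    results = check_ad_reachability(sys.argv[1])
    for port, (service, state) in results.items():
        print(f"{port:>5}/tcp  {service:<12} {state}")
    # Non-zero exit status if any required port is not reachable.
    sys.exit(1 if blocked(results) else 0)
```

A port reported as `filtered` points to the firewall between the appliance and the AD server; `refused` means the path is open but the service is not listening on the server.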
Solution: You can either configure your firewall to provide access to the ports and services listed
in the preceding tables, or you can configure the new Web Appliance to use a local Active Directory
212 | Appliance Behavior and Troubleshooting | Sophos Web Appliance