Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-4375: What Firewall ports are needed for the various Centrify DirectAudit components?

Auditing and Monitoring Service ,  

6 November,20 at 09:59 AM

Applies to:
DirectAudit 2.x/3.0.x
What firewall ports are needed for the various DA components?
The following ports are needed.
#1 - TCP Port 1433: The default SQL port; Some customers may be using SQL that's listening on a different port. In either case, we'll be using TCP/IP for communication between Audit Manager/Audit Analyzer and the SQL server using port on which SQL is listening.

Note: Both Audit Manager/Audit Analyzer consoles do not connect to the Audit Store directly; the consoles talk to the Management database and the management database internally talks to the Audit Store database to fetch the data.
#2 - Port 5063: The default port that collector uses to listen to all agents.

#3 -  Port 3268/389: The GC(3268) / LDAP(389) are used primarily by DA Windows agents to discover the collectors (because an agent can bind to any collector in its own forest) but it is also being used by Audit Manager and Audit Analyzer when retrieving installations binding information.

Note: the GC is optional because we can fallback to LDAP in case it is not reachable.

#4 Port 445 and 139: When performing database operations (such as adding incoming collector account or a new auditor account) using the Audit Manager console, the "AD users/groups picker dialog" does not work if the ports 445 and 139 are not open on the SQL Server.
#5 UDP port 1434: If the DirectAudit databases are hosted on a SQL server with named instance, the SQL browser service needs to be running on the SQL server host and this service uses UDP port 1434.  This port need to be opened on the target SQL Server. (ref:

#6 - For Windows Agent (DirectAudit), Centrify uses a dynamic port for local communication between wdad and wash. This port is selected automatically.

Note: This port is only used for the local communication and it does not need to be opened via firewall for inbound communication to that audited system.