Port Communication Requirements

Active Directory

For EmpowerID to communicate with Active Directory environments, the following ports must be open:

  • 135/TCP RPC

  • 137/UDP NetBIOS

  • 138/UDP NetBIOS

  • 139/TCP NetBIOS

  • 389/TCP/UDP LDAP

  • 636/TCP LDAP SSL

  • 3268/TCP LDAP GC

  • 3269/TCP LDAP GC SSL

  • 53/TCP/UDP DNS

  • 88/TCP/UDP Kerberos

  • 445/TCP SMB

  • 123/UDP NTP

Internal EmpowerID Communications

The EmpowerID Management Console Windows desktop client requires the following ports be open:

  • HTTPS/TLS: port 443 TCP

EmpowerID server to server communications require the following ports be open:

  • HTTPS/TLS: port 443 TCP

EmpowerID server to SQL Database communications require the following ports be open:

  • Microsoft SQL Server: port 1433 TCP

The EmpowerID WAM/Reverse Proxy does not require any communication with the Microsoft SQL database. The Reverse Proxy retrieves all of its configuration data by calling the EmpowerID REST API on any front-end servers.
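The following added example (not EmpowerID's own tooling) checks these firewall rules from an EmpowerID server. It probes the TCP side of each port listed above and marks UDP-only entries as not probed, since a TCP connect cannot verify them. The host names and the `Test-TcpPort` helper are assumptions for illustration.

```powershell
# Added example. Host names are placeholders (assumptions); pass your own.
param(
    [string]$DomainController = 'dc01.example.test',
    [string]$EmpowerIdServer  = 'eid01.example.test',
    [string]$SqlServer        = 'sql01.example.test',
    [int]$TimeoutMs           = 2000
)

# Port matrix taken from the lists above: target, port, protocol(s), service.
$matrix = @(
    @($DomainController, 135,  'TCP',     'RPC'),
    @($DomainController, 137,  'UDP',     'NetBIOS'),
    @($DomainController, 138,  'UDP',     'NetBIOS'),
    @($DomainController, 139,  'TCP',     'NetBIOS'),
    @($DomainController, 389,  'TCP/UDP', 'LDAP'),
    @($DomainController, 636,  'TCP',     'LDAP SSL'),
    @($DomainController, 3268, 'TCP',     'LDAP GC'),
    @($DomainController, 3269, 'TCP',     'LDAP GC SSL'),
    @($DomainController, 53,   'TCP/UDP', 'DNS'),
    @($DomainController, 88,   'TCP/UDP', 'Kerberos'),
    @($DomainController, 445,  'TCP',     'SMB'),
    @($DomainController, 123,  'UDP',     'NTP'),
    @($EmpowerIdServer,  443,  'TCP',     'HTTPS/TLS'),
    @($SqlServer,        1433, 'TCP',     'Microsoft SQL Server')
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Wait() returns $false on timeout and throws when the connection fails.
        return $client.ConnectAsync($ComputerName, $Port).Wait($TimeoutMs) -and $client.Connected
    } catch { return $false } finally { $client.Dispose() }
}

$matrix | ForEach-Object {
    $target, $port, $proto, $service = $_
    $status = if ($proto -eq 'UDP') {
        'not probed (UDP only)'      # needs a protocol-level test instead
    } elseif (Test-TcpPort $target $port $TimeoutMs) {
        'open'
    } else { 'blocked or closed' }
    [pscustomobject]@{ Target = $target; Port = $port; Protocol = $proto
                       Service = $service; TcpStatus = $status }
} | Format-Table -AutoSize
```

For `TCP/UDP` entries, `TcpStatus` reflects only the TCP side; the UDP side still has to be confirmed separately.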


The following two images depict the EmpowerID Communications and Connectivity architecture. The first shows the architecture without the EmpowerID WAM/Reverse Proxy, while the second shows the architecture with it.

Figure 1: EmpowerID Communications and Connectivity Architecture

 

Figure 2: EmpowerID Communications and Connectivity architecture with WAM/Reverse Proxy module

 

In addition to the above, for password resets you may need to open TCP/UDP 135, as well as all RPC dynamic ports. For more information, see the following Microsoft topics: