Communication Ports Used by ClearPass

Aruba Employee
Version history
Revision #:
3 of 3
Last update:
2 weeks ago
Comments
jmccotter

The ports listed for CPPM to AD for file replication services appear to be necessary. In our design, the firewall is blocking Samba / SMB traffic coming from the ClearPass servers with these rules omitted.

justink84

ClearPass 6.6.7 with the SMBv2 / SMBv3 patch requires additional ports to be opened through the firewall due to changes in DCE/RPC within MSCHAPv2. This new implementation seems to support NTLMv2 by default.

 

* 135/tcp
* 49152-65535/tcp

 

If the high-end RPC ports aren't permitted in the firewall, you will see a common error in Access Tracker stating the following.

 

* AD Status: Reading winbind reply failed! (0xc0000001)
* AD Status: {Device Timeout} The Specified I/O operation on %hs was not completed before the time-out period expired. (0xc00000b5)
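
The following is an added example, not part of the comments above or of any Aruba tooling: a small audit that checks whether a firewall allow-list for the ClearPass-to-AD direction fully covers the ports named above (135/tcp and 49152-65535/tcp) and reports any gaps. The rule format (`port/proto` or `lo-hi/proto`, destination ports only) and the sample allow-list are assumptions made for illustration.

```python
# Ports named in the comment above, ClearPass -> AD domain controller.
REQUIRED = ["135/tcp", "49152-65535/tcp"]


def parse_spec(spec):
    """Parse '135/tcp' or '49152-65535/tcp' into (proto, lo, hi)."""
    ports, proto = spec.strip().lower().split("/")
    lo, _, hi = ports.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return proto, lo, hi


def fmt(proto, lo, hi):
    """Render a range back into the same notation."""
    return f"{lo}/{proto}" if lo == hi else f"{lo}-{hi}/{proto}"


def uncovered(required, allowed):
    """Return the parts of `required` that no entry in `allowed` permits."""
    rules = [parse_spec(a) for a in allowed]
    gaps = []
    for proto, lo, hi in map(parse_spec, required):
        spans = sorted((a, b) for p, a, b in rules if p == proto)
        cursor = lo  # lowest required port not yet known to be allowed
        for a, b in spans:
            if b < cursor:
                continue  # rule lies entirely below what is still needed
            if a > hi:
                break     # rule lies entirely above the requirement
            if a > cursor:
                gaps.append(fmt(proto, cursor, a - 1))
            cursor = max(cursor, b + 1)
            if cursor > hi:
                break
        if cursor <= hi:
            gaps.append(fmt(proto, cursor, hi))
    return gaps


if __name__ == "__main__":
    # Constructed sample allow-list: the dynamic RPC range is only partly open.
    sample_allowed = ["135/tcp", "445/tcp", "49152-50000/tcp", "60000-65535/tcp"]
    for gap in uncovered(REQUIRED, sample_allowed):
        print("not permitted:", gap)
```

Any gap reported inside the dynamic RPC range is a candidate cause of the Access Tracker errors quoted above.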
