AAA, NAC, Guest Access & BYOD


Solutions for legacy and existing products and solutions, including Clearpass, CPPM, OnBoard, OnGuard, Guest, QuickConnect, AirGroup, and Introspect

What ports are needed between CPPM Publisher and Subscriber?

Jul 10, 2014 07:28 PM

Question: What ports are needed between CPPM Publisher and Subscriber?

 

In a Publisher/Subscriber setup, the database sync goes one way: Publisher --> Subscriber. However, the database keep-alive messages go in both directions, because the Publisher and the Subscriber each need to know whether the other party is alive.

In short, the ports that need to be open for CPPM are:
1. Clients connecting to the network (endpoints such as laptops and smartphones) require connectivity to port 80 and port 443 on CPPM.
2. The controller requires access to ports 1812, 1813, 1645 and 1646 (RADIUS ports) and 3799 (RFC 3576 - RADIUS CoA).
3. The CPPM Subscriber requires access to the CPPM Publisher on the ports listed below. Note that these ports need to be open only between the two specific servers; they do not need to be open for any other devices on the network.

  • UDP Port 123 NTP (Subscriber to publisher)
  • TCP Port 443 HTTPS (Bi-directional)
  • TCP Port 5432 PostgreSQL for DB replication (Subscriber to publisher) 
 
The database communication is fully encrypted (SSL) end-to-end between Publisher and Subscriber, which means snooping on the wire, man-in-the-middle and similar attacks are not possible.
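One way to check a firewall policy against the Publisher/Subscriber port list above, as an added example that is not part of the original article or of ClearPass itself. The server addresses, the rule format and the sample rules are constructed for illustration, and TCP 443 is left out of the "two servers only" check on the assumption that endpoints also reach CPPM on that port (item 1).

```python
import ipaddress

PUBLISHER = "10.0.0.10"   # constructed address
SUBSCRIBER = "10.0.0.20"  # constructed address

# Flows from the article's list: (protocol, port, source, destination)
REQUIRED = {
    ("udp", 123, SUBSCRIBER, PUBLISHER),   # NTP
    ("tcp", 5432, SUBSCRIBER, PUBLISHER),  # PostgreSQL replication
    ("tcp", 443, SUBSCRIBER, PUBLISHER),   # HTTPS, both directions
    ("tcp", 443, PUBLISHER, SUBSCRIBER),
}
# Ports that should be reachable only between the two servers.
PEER_ONLY = {("udp", 123), ("tcp", 5432)}
PEERS = (ipaddress.ip_network(SUBSCRIBER), ipaddress.ip_network(PUBLISHER))

def covers(rule, flow):
    """True if an allow rule permits the given flow."""
    proto, port, src, dst = flow
    return (rule["proto"] == proto and rule["port"] == port
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"]))

def audit(rules):
    """Return (required flows no rule allows, peer-only rules that are too wide)."""
    missing = sorted(f for f in REQUIRED if not any(covers(r, f) for r in rules))
    too_broad = []
    for r in rules:
        if (r["proto"], r["port"]) not in PEER_ONLY:
            continue
        scope = (ipaddress.ip_network(r["src"]), ipaddress.ip_network(r["dst"]))
        if scope != PEERS:  # anything other than Subscriber -> Publisher
            too_broad.append(r)
    return missing, too_broad

# Constructed allow rules, as they might be exported from a firewall.
SAMPLE_RULES = [
    {"proto": "tcp", "port": 443, "src": "0.0.0.0/0", "dst": "10.0.0.0/24"},
    {"proto": "tcp", "port": 5432, "src": "10.0.0.0/24", "dst": "10.0.0.10"},
    # no NTP rule: the Subscriber cannot reach UDP 123 on the Publisher
]

if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE_RULES)
    for flow in missing:
        print("missing flow:", flow)
    for rule in too_broad:
        print("open beyond the two servers:", rule)
```

On the sample rules this reports the missing NTP flow and flags the PostgreSQL rule, which exposes port 5432 to the whole 10.0.0.0/24 subnet rather than to the Subscriber alone.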

 
