Communication Ports Used by ClearPass

Aruba Employee
Version history: Revision 3 of 3. Last update: 11-27-2017 11:20 AM

The ports listed for CPPM to AD for file replication services appear to be necessary. In our design, the firewall is blocking Samba / SMB traffic coming from the ClearPass servers with these rules omitted.

ClearPass 6.6.7 with the SMBv2 / SMBv3 patch requires additional ports to be opened through the firewall due to changes in DCE/RPC within MSCHAPv2. This new implementation seems to support NTLMv2 by default.





If the high-end RPC ports aren't permitted in the firewall, you will see a common error in Access Tracker stating the following:


* AD Status: Reading winbind reply failed! (0xc0000001)
* AD Status: {Device Timeout} The Specified I/O operation on %hs was not completed before the time-out period expired. (0xc00000b5)
