Solution Component Ports

The following table summarizes the ports that are used by the solution components.
| Application / Service | From | To | Destination Port | Details |
|---|---|---|---|---|
| SSH | All Virtual Appliance servers | All Virtual Appliance servers | TCP/22 | Mandatory for Virtual Appliance internal health checks. |
| SSH | Customer network | All Virtual Appliance servers | TCP/22 | For remote administration using SSH (optional). |
| CA Identity Governance | All Virtual Appliance servers | All Virtual Appliance servers running CA Identity Governance | TCP/8082 | Mandatory for Virtual Appliance internal health checks. |
| CA Identity Governance | All Virtual Appliance servers | All Virtual Appliance servers running CA Identity Governance | TCP/8445 | Optional for HTTPS connection to the application. |
| CA Identity Governance | All Virtual Appliance servers | All Virtual Appliance servers running CA Identity Governance | TCP/8789 | Debug port |
| CA Identity Governance | SSO proxy server | All Virtual Appliance servers running CA Identity Governance | TCP/8011 | Optional: AJP port for SSO integration with a proxy that uses the mod_jk module. |
| CA Identity Manager | All Virtual Appliance servers | All Virtual Appliance servers running CA Identity Manager | TCP/8080 | Mandatory for Virtual Appliance internal health checks. |
| CA Identity Manager | All Virtual Appliance servers | All Virtual Appliance servers running CA Identity Manager | TCP/8443 | Optional for HTTPS connection to the application. |
| CA Identity Manager | All Virtual Appliance servers | All Virtual Appliance servers running CA Identity Manager | TCP/8787 | Debug port |
| CA Identity Manager | SSO proxy server | All Virtual Appliance servers running CA Identity Manager | TCP/8009 | Optional: AJP port for SSO integration with a proxy that uses the mod_jk module. |
| CA Identity Portal | All Virtual Appliance servers | All Virtual Appliance servers running CA Identity Portal | TCP/8081 | Mandatory for Virtual Appliance internal health checks. |
| CA Identity Portal | All Virtual Appliance servers | All Virtual Appliance servers running CA Identity Portal | TCP/8444 | Optional for HTTPS connection to the application. |
| CA Identity Portal | All Virtual Appliance servers | All Virtual Appliance servers running CA Identity Portal | TCP/8788 | Debug port |
| CA Identity Portal | SSO proxy server | All Virtual Appliance servers running CA Identity Portal | TCP/8010 | Optional: AJP port for SSO integration with a proxy that uses the mod_jk module. |
| End-User Web UI and Embedded Proxy | Customer network | All Virtual Appliance servers | TCP/80, TCP/443 | Mandatory for customers to access applications (CA Identity Portal, CA Identity Manager, CA Identity Governance). Handled by an internal proxy/load-balancer listening on ports 80 and 443 (User Portal). |
| Virtual Appliance Admin Web UI | Management network | All Virtual Appliance servers | TCP/10443 | Mandatory for administrators to access the Admin Portal on port 10443. Accessing this port must be allowed only from a management network/VLAN. |
| CA Provisioning Server | All Virtual Appliance servers running Provisioning Server | All Virtual Appliance servers running Provisioning Server | TCP/20391, TCP/20394, TCP/20396, TCP/20398, TCP/20404 | Mandatory for replication and load-balancing. |
| CA Provisioning Server | All Virtual Appliance servers running CA Identity Manager | All Virtual Appliance servers running Provisioning Server | TCP/20389, TCP/20390 | Mandatory requirement by CA Identity Manager. |
| CA Provisioning Server | Management network | All Virtual Appliance servers running Provisioning Server | TCP/20389, TCP/20390 | Optional for direct access using CA Provisioning Manager. |
| CA User Store | All Virtual Appliance servers running CA Identity Manager | All Virtual Appliance servers running User Store | TCP/10101, TCP/19289 | Mandatory requirement by CA Identity Manager. |
| CA User Store | All Virtual Appliance servers running User Store | All Virtual Appliance servers running User Store | TCP/10101, TCP/19289 | Mandatory for replication and load-balancing. |
| CA Java Connector Server | Management network | All Virtual Appliance servers running Connector Server | TCP/20080, TCP/20443 | Mandatory for Connector Server admin Web-UI. |
| CA Java Connector Server | All Virtual Appliance servers running Provisioning Server | All Virtual Appliance servers running Connector Server | TCP/20410, TCP/20411 | Mandatory requirement by Provisioning Server. |
| Central Logs Service | All Virtual Appliance servers running: CA Identity Manager, CA Identity Governance, CA Identity Portal, Connector Server | All Virtual Appliance servers running Central Logs | UDP/514 | Mandatory requirement by Central Logs. |
| CA Connector Server (External) | All Virtual Appliance servers running Provisioning Server | External servers running Connector Server | TCP/20410, TCP/20411 | Mandatory requirement by Provisioning Server. |