OneSpan Authentication Server uses several different ports to communicate (see Table: Incoming ports used by OneSpan Authentication Server and Table: Outgoing ports used by OneSpan Authentication Server). If these are blocked by a firewall, some features will not work correctly.
We recommend using a software firewall on OneSpan Authentication Server and segmenting the OneSpan Authentication Server network with a hardware firewall.
Incoming ports
Table: Incoming ports used by OneSpan Authentication Server | Port description | Default | Protocol | Configuration | Source |
|---|
| SOAP | 8888 | TCP | Configuration Utility: Communicators > SOAP > Port | - SOAP client
- Digipass Authentication for Windows Logon 2.x
- Digipass Authentication Module products
- Administration Web Interface
|
| RADIUS authentication | 1812 | UDP | Configuration Utility: Communicators > RADIUS > Authentication Port | - RADIUS client
- RADIUS back-end server
|
| RADIUS accounting | 1813 | UDP | Configuration Utility: Communicators > RADIUS > Accounting Port | - RADIUS client
- RADIUS back-end server
|
| SEAL without SSL | 20003 | TCP | Configuration Utility: Communicators > SEAL > Port | - Tcl Command-Line Administration tool
- Replication from other OneSpan Authentication Server instances
|
| SEAL with SSL | 20004 | TCP | Configuration Utility: Communicators > SEAL > Port | Tcl Command-Line Administration tool |
| Live audit | 20006 | TCP | Configuration Utility: Auditing > Live Audit Viewer > Port | Audit Viewer |
| Apache Tomcat | 8443 -OR- 9443 | TCP | Apache Tomcat configuration files (automatically during initial setup) | Web browser clients |
| MDC | 20007 | TCP | MDC Configuration Utility | Message Delivery Component (MDC) |
Outgoing ports
Table: Outgoing ports used by OneSpan Authentication Server | Port description | Default | Protocol | Configuration | Destination |
|---|
| RADIUS Authentication | 1812 | UDP | Administration Web Interface: Back-end server records > Authentication Port | RADIUS back-end server |
| RADIUS Accounting | 1813 | UDP | Administration Web Interface: Back-end server records > Accounting Port | RADIUS back-end server |
| SEAL without SSL | 20003 | TCP | Configuration Utility: Replication > Destination Servers > {Server} >Port | Replication to other OneSpan Authentication Server |
| SEAL with SSL | 20004 | TCP | Configuration Utility: Communicators > SEAL > Port | OneSpan Authentication Server
|
| Database | Specific to driver | TCP | ODBC driver | ODBC database (when located on a separate server) |
LDAP | 389 | TCP | Administration Web Interface: Back-end server records > Port | IBM Security Directory Server, or Active Directory back-end servers |
| SNMP trap | 162 | UDP | Configuration Utility: System Monitoring > Targets > Port | SNMP trap receivers |
| LDAPS | 636 | TCP | Back-end server records | IBM Security Directory Server or Active Directory back-end servers |
| LDAPS GC | 3269 | TCP | Back-end server records | Active Directory back-end servers |