HomeHome ArticlesArticles Most Popular ArticlesMost Popular Articles Most Helpful ArticlesMost Helpful Articles Request New ArticleRequest New Article
RSS Feeds
DrillDown Icon Table of Contents Back
 . . . . . . . . . . . . .
DrillDown Icon FAQs on Cyberoam and Sophos Firewall
DrillDown Icon Vulnerability Security Advisories
DrillDown Icon Best Practices & Policies
DrillDown Icon Protect Your Cyberoam Appliances from Power Fluctuations
DrillDown Icon Technical Library
DrillDown Icon Deployment
DrillDown Icon Registration & Licensing
DrillDown Icon System
DrillDown Icon Objects
DrillDown Icon Network
DrillDown Icon Identity
DrillDown Icon Authentication
DrillDown Icon Customize Captive Portal in Cyberoam
DrillDown Icon Active Directory (AD) Authentication
DrillDown Icon Port Requirements in AD-DC local firewall for CTAS connectivity
DrillDown Icon Install Novell eDirectory Compatible CTAS
DrillDown Icon Implement Clientless SSO Authentication in Multiple Active Directory Domain Controller
DrillDown Icon Group Membership behavior in case of Tight Integration with Active Directory
DrillDown Icon Integrate Cyberoam with Active Directory
DrillDown Icon Implement Clientless SSO Authentication in Single AD Domain Controller Environment
DrillDown Icon Implement SSO Authentication with AD (English & Non-English Version)
DrillDown Icon Import AD OUs and Groups
DrillDown Icon I have removed certain users from my AD server. How do I synchronize Cyberoam’s User Database with it?
DrillDown Icon Does Cyberoam import AD users’ email addresses along with their credentials?
DrillDown Icon Is it possible to authenticate Remote Desktop Server users without Active Directory Integration with Cyberoam?
DrillDown Icon How to configure an External Authentication Server to authenticate L2TP/PPTP/IPSec users?
DrillDown Icon NTLM Authentication
DrillDown Icon Configure SSO for WLAN Users Authenticated by RADIUS Server
DrillDown Icon Integrate Cyberoam with Gemalto SA Server NPS Agent
DrillDown Icon How to Login in a Two Factor Authentication Environment?
DrillDown Icon Guest User Creation using Captive Portal
DrillDown Icon Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication
DrillDown Icon Configure Captive Portal URL Redirection
DrillDown Icon Integrate Cyberoam with RSA SecurID as a RADIUS Client
DrillDown Icon Integrate Cyberoam with ESET Secure Authentication Server
DrillDown Icon Allow Specific Websites without Authentication
DrillDown Icon Configure Cyberoam to use RADIUS Server for Authentication
DrillDown Icon Integrate Cyberoam with LDAP Server
DrillDown Icon Serve a Custom Page to unauthenticated users instead of Captive portal
DrillDown Icon How to customize the Default SMS sent to Guest Users?
DrillDown Icon Why is Captive Portal not displayed to users while trying to access Internet when a default Drop Policy is applied?
DrillDown Icon How to set authentication mechanism for L2TP or PPTP VPN users?
DrillDown Icon How to setup the Maximum Session Timeout globally for all users?
DrillDown Icon How do I configure Cyberoam to automatically logout inactive users?
DrillDown Icon Users and Groups
DrillDown Icon Implement Access Time Policy for a User/Group
DrillDown Icon Apply Surfing Quota Policy for User
DrillDown Icon Create a Data Transfer Policy
DrillDown Icon Implement BYOD Security with Cyberoam
DrillDown Icon Firewall
DrillDown Icon VPN
DrillDown Icon IPS
DrillDown Icon Web Filter
DrillDown Icon Application Filter
DrillDown Icon Web Application Firewall (WAF)
DrillDown Icon IM
DrillDown Icon Quality of Service (QoS)
DrillDown Icon Anti Virus
DrillDown Icon Anti Spam
DrillDown Icon Logs & Reports
DrillDown Icon Clients
DrillDown Icon Cyberoam Maintenance
DrillDown Icon Compatibility
DrillDown Icon Archives
  Subscribe Print PreviewPrint Current Article and All Sub-Articles
Port Requirements in AD-DC local firewall for CTAS connectivity

Applicable Version: 10.00 onwards

Cyberoam provides Clientless Single Sign On in the form of Cyberoam Transparent Authentication Suite (CTAS) user automatically logs on to Cyberoam when he/she logs on to Windows using his/her windows username and password. Refer the following articles to implement Clientless SSO in AD-DC environment:

1.    Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

2.    Implement Clientless SSO Authentication in Multiple Active Directory Domain Controller

CTAS configuration on Active Directory requires certain ports to be open for connectivity between Cyberoam and the AD-DC server. On the AD-DC Server, active Windows Firewall for Public, Private and Domain profiles prohibits connectivity if certain ports are closed.

·        CTAS Collector installed on the AD-DC server listens on UDP Port 6677 from Cyberoam and sends Logon details back on UDP Port 6060.

·        CTAS Agent sends Logon details to collector on TCP port 5566 (if installed separately).

Thus, the Local Firewall on the Active Directory requires the mentioned ports to be open for successful connectivity.The CTAS can be implemented in multiple AD-DC scenarios. Refer the following section for scenario-wise open port requirements in the local firewall:

Scenario 1: One AD-DC is on the network and CTAS Suite is installed on the same.

On DC, where CTAS Suite is installed

·        Inbound UDP 6677 port

·        Outbound UDP 6060


Scenario 2: Two or more domain controllers; One AD-DC with CTAS Suite and other AD-DC with CTAS Agent installed.

On AD-DC, where CTAS Suite is installed

ON AD-DC, where CTAS Agent is installed

·        Inbound UDP 6677 port

·        Inbound TCP 5566 port

·        Outbound UDP 6060

·        Outbound TCP 5566 port



Scenario 3: Two or more AD-DCs are installed with CTAS Suite for Fault Tolerance

On all AD-DCs

·        Inbound UDP 6677 port

·        Inbound TCP 5566 port

              .        Outbound UDP 6060


                                                                                                                                                                           Document Version: 1.0 – 23 March, 2015

Article ID: 3110