We have quite strict firewalls, so I need to specify the IPA network
ports accurately. So, we have now opening for:

        80/tcp, 88/tcp, 389/tcp, 443/tcp, 464/tcp, 636/tcp
        88/udp, 464/udp

in to our first IPA server. Now I'm in the process of configuring the
first replica. Is there any other ports that needs to be opened between
ipa master and replica?

We don't serve NTP or DNS from IPA, so I guess these shouldn't be
relevant, but I think we want dogtag replicated, so there's maybe some
ports for that that needs opening ?

Or, to put it another way, which of these ports:


needs to be opened between ipa server, which for all clients, which for
replica and which for administrative clients ?

        HTTP/HTTPS      -- open for all
        LDAP/LDAPS      -- open for all
        Kerberos        -- open for all
        OCSP responder  -- open for all if we use certs

        dogtag 9443 (agents)    -- ?
        dogtag 9444 (users, SSL)        -- ?
        dogtag 9445 (administrators)    -- ?
        dogtag 9446 (users, client authentication)      -- ?
        dogtag 9701 (Tomcat)    -- ?
        dogtag 7389 (internal LDAP database) -- ?


Freeipa-users mailing list

Reply via email to