NAICE ports used for external communication
The default port values are listed.
| Source | Source port | Destination | Destination port | Transport protocol | Notes |
|---|---|---|---|---|---|
| RADIUS traffic processing | |||||
| NAS | any | NAICE | 1812 | UDP | Access-Request authorization requests |
| NAS | any | NAICE | 1813 | UDP | Accounting-Request accounting requests |
| TACACS+ traffic processing | |||||
| TACACS+ clients | any | NAICE | 49 | TCP | Sending TACACS+ requests and accounting |
| DHCP fingerprint processing for profiling | |||||
| Supplicant / DHCP Relay Agent | 67/68 | NAICE | 67 | UDP | DHCP client requests for fingerprint collection |
| Portal-based authorization | |||||
| client network | any | NAICE | 8443 | TCP | Access to the web portal for portal-based authorization |
| NAICE administration | |||||
| administrative network | any | NAICE | 22 | TCP | Server access for management via CLI over SSH or configuration using Ansible playbooks |
| administrative network | any | NAICE | 80 | TCP | Access to the server over HTTP (used only for redirection to secure port 443) |
| administrative network | any | NAICE | 443 | TCP | Access to the server web GUI over HTTPS |
| administrative network | any | NAICE | 8000 | TCP | Access to the NAICE administration web GUI deployed from OVA/QCOW2 images |
| Sending logs via the Syslog protocol | |||||
| NAICE | any | Syslog server | 514 | UDP | Sending logs and TACACS+ accounting via Syslog to an external Syslog server |
| Interaction with an external MS AD data source | |||||
| NAICE | any | DNS | 53 | UDP | Server responsible for domain name resolution, including MS AD domain |
| NAICE | any | MS AD server | 389 | TCP/UDP | Access to MS AD server over LDAP |
| NAICE | any | MS AD server | 636 | TCP | Access to MS AD server over LDAPS (TLS encryption is used) |
| NAICE | any | MS AD server | 3268 | TCP/UDP | Access to MS AD server over LDAP (may be used instead of port 389) |
| NAICE | any | MS AD server | 3269 | TCP | Access to MS AD server over LDAPS (may be used instead of port 636) |
| NAICE | any | MS AD server | 49152-65535 | TCP/UDP | Access to MS AD server for netlogon requests |
| Interaction with an external LDAP data source | |||||
| NAICE | any | LDAP server | 389 | TCP/UDP | Access to LDAP server |
| NAICE | any | LDAP server | 636 | TCP | Access to LDAPS server (TLS encryption is used) |
| Interaction with an external SMS gateway | |||||
| NAICE | any | SMS gateway | 80 | TCP | Access to SMS gateway over HTTP |
| NAICE | any | SMS gateway | 443 | TCP | Access to SMS gateway over HTTPS |
| Interaction with an external SMTP server | |||||
| NAICE | any | SMTP server | 25 | TCP | Access to SMTP server |
| NAICE | any | SMTP server | 465 | TCP | Access to SMTP server (TLS encryption is used) |
| NAICE | any | SMTP server | 587 | TCP | Access to SMTP server (TLS encryption is used) |
| Ports used by NAICE nodes in a high-availability deployment | |||||
| PostgreSQL database | any | NAICE | 5432 | TCP | Access to the database from NAICE services |
| PostgreSQL database | any | neighboring PostgreSQL node | 15432 | TCP | Port used by Replication Manager for PostgreSQL for data synchronization between database nodes |
| NAICE node | any | neighboring NAICE node | 5701 | TCP | Port used for data synchronization between naice-ovis services |
| NAICE node | any | neighboring NAICE node | 5702 | TCP | Port used for data synchronization between naice-vulpus services |
| NAICE node | any | neighboring NAICE node | 5703 | TCP | Port used for data synchronization between naice-aquila services |
| NAICE node | any | neighboring NAICE node | 5704 | TCP | Port used for data synchronization between naice-bubo services |
| NAICE node | any | neighboring NAICE node | 5705 | TCP | Port used for data synchronization between naice-castor services |
| NAICE node | any | neighboring NAICE node | 5706 | TCP | Port used for data synchronization between naice-mustela services |
| NAICE node | any | neighboring NAICE node | 6222 | TCP | Port used for data exchange between nodes via the naice-nats service |
| Interaction between NAICE and the Peeper monitoring system | |||||
| NAICE | any | monitoring server | 443 | TCP | Sending monitoring data to Peeper using the Peeper Client installed on the NAICE server |
List of ports used by NAICE containers
| Container name | External port | Internal port | Transport protocol | Internal/External | Notes |
|---|---|---|---|---|---|
| epg-service | 8100 | 8100 | TCP | internal | |
| naice-aquila | 49 | 49 | TCP | external | |
| | 5703 | 5703 | TCP | external | Used only in a high-availability deployment. In a single-host installation, it is bound to 127.0.0.1 |
| | 8091-8092 | 8091-8092 | TCP | internal | |
| naice-bubo | 8093 | 8093 | TCP | internal | |
| | 5704 | 5704 | TCP | external | Used only in a high-availability deployment. In a single-host installation, it is bound to 127.0.0.1 |
| naice-castor | 8095 | 8095 | TCP | internal | |
| | 5705 | 5705 | TCP | external | Used only in a high-availability deployment. In a single-host installation, it is bound to 127.0.0.1 |
| naice-cetus | 8099 | 8099 | TCP | internal | |
| naice-gavia | 8080 | 8080 | TCP | internal | |
| naice-gulo | 8089 | 8089 | TCP | internal | |
| naice-lemmus | 8083 | 8083 | TCP | internal | |
| naice-lepus | 8087 | 8087 | TCP | internal | |
| | 67 | 1024 | UDP | external | |
| naice-mustela | 8070 | 8070 | TCP | internal | |
| naice-nats | 4222 | 4222 | TCP | internal | |
| | 6222 | 6222 | TCP | external | Used only in a high-availability deployment |
| | 7777 | 7777 | TCP | internal | |
| | 8222 | 8222 | TCP | external | Web GUI, may be used by an administrator for diagnostics |
| naice-ovis | 5701 | 5701 | TCP | external | Used only in a high-availability deployment. In a single-host installation, it is bound to 127.0.0.1 |
| | 8084 | 8084 | TCP | internal | |
| naice-phoca | 8097 | 8097 | TCP | internal | |
| naice-postgres | 5432 | 5432 | TCP | internal/external | External access is required in a high-availability deployment |
| | 15432 | 15432 | TCP | external | Used only in a high-availability deployment |
| naice-radius | 1812-1813 | 1812-1813 | UDP | external | |
| | 9812 | 9812 | TCP | internal | |
| naice-sterna | 8443 | 80 / 444 | TCP | external | The internal port depends on the selected portal access mode: HTTP or HTTPS |
| naice-ursus | 8081 | 8081 | TCP | internal | |
| naice-vulpus | 5702 | 5702 | TCP | external | Used only in a high-availability deployment. In a single-host installation, it is bound to 127.0.0.1 |
| | 8086 | 8086 | TCP | internal | |
| | 8088 | 8088 | TCP | internal | |
| naice-web | 80 | 4200 | TCP | external | Used only for redirection to secure port 443 |
| | 443 | 443 | TCP | external | |
List of ports used by Peeper monitoring system containers installed on the NAICE server
| Container name | External port | Internal port | Transport protocol | Internal/External | Notes |
|---|---|---|---|---|---|
| naice-aquila | 8091 | 8091 | TCP | internal | |
| naice-bubo | 8093 | 8093 | TCP | internal | |
| naice-castor | 8095 | 8095 | TCP | internal | Access via HTTPS |
| naice-cetus | 8099 | 8099 | TCP | internal | |
| naice-gavia | 8080 | 8080 | TCP | internal | Access via HTTPS |
| naice-gulo | 8089 | 8089 | TCP | internal | |
| naice-lemmus | 8083 | 8083 | TCP | internal | Access via HTTPS |
| naice-lepus | 8087 | 8087 | TCP | internal | |
| naice-mustela | 8070 | 8070 | TCP | internal | |
| naice-ovis | 8084 | 8084 | TCP | internal | |
| naice-radius | 9812 | 9812 | TCP | internal | |
| naice-ursus | 8081 | 8081 | TCP | internal | |
| naice-vulpus | 8086 | 8086 | TCP | internal | |
| naice-nats | 7777 | 7777 | TCP | internal | |