Cayosoft Guardian service separated by a firewall from Active Directory
When the
| System | Type | Port | Description |
|---|---|---|---|
| Service, Domain Controller | TCP | 389 | LDAP |
| Service, Domain Controller | TCP | 3268 | LDAP |
| Service, Domain Controller | TCP | 5985/5986 | WinRM (Windows Remote Management) |
| Service, Network file share | TCP | 139/445 | SMB |
| Service | TCP | 443 | HTTPS connection |
Cayosoft Guardian web portal
The following ports must be open to access the Cayosoft Guardian web portal:
| System | Type | Port | Description |
|---|---|---|---|
| Web portal | TCP | 80/443 | HTTP/HTTPS connections |
Cayosoft Guardian AD connector
The following ports must be open to access the Cayosoft Guardian AD connector:
| System | Type | Port | Description |
|---|---|---|---|
| Web portal | TCP | 80/443 | HTTP/HTTPS connections |
Cayosoft Guardian Forest Recovery Agent
The following ports must be open to access Forest Recovery Agent of Cayosoft Guardian:
| System | Type | Port | Description |
|---|---|---|---|
| Service, Agent | TCP | 5985/5986 | WinRM (Windows Remote Management) |
| Service, Agent | TCP | 443 | HTTPS connection |
| Network file share, Agent | TCP | 139/445 | SMB |
Microsoft Office 365 Verification/Authentication
For detailed information about Microsoft Office 365 ports and addresses, see Office 365 URLs and IP address ranges article.
Azure SQL Database
For consistent connectivity to SQL Database or dedicated SQL pools in Azure Synapse, allow network traffic to and from ALL Gateway IP addresses and Gateway IP address subnets for the region. Periodically, Microsoft retires Gateways using old hardware and migrates the traffic to new Gateways following the process outlined in Azure SQL Database traffic migration to newer Gateways.
Find the list of Gateway IP addresses and Gateway IP address subnets in Gateway IP addresses.
Ports and endpoints required for Cayosoft cloud services
If Cayosoft Guardian uses online licensing or automatic product updates, allow outbound HTTPS traffic to the required Cayosoft cloud service endpoints.
| Required/Optional | Service | Endpoint | Port | Purpose |
|---|---|---|---|---|
| Required | License Service |
api.telemetry.cayosoft.com
|
TCP 443 | Online license activation, validation, and subscription synchronization. |
| Optional | Telemetry |
api.telemetry.cayosoft.com
|
TCP 443 | Optional telemetry data. |
| Optional | Cayosoft Guardian Product update downloads |
|
TCP 443 | Download product update packages from Cayosoft cloud services. |
| Optional | Cayosoft Guardian Threat Detection Product update downloads |
|
TCP 443 | Download product update packages from Cayosoft cloud services. |
Diagrams
Ports used by Cayosoft Guardian
Cayosoft Guardian connects to a single domain controller to collect changes from a managed AD domain.
Cayosoft Guardian connects to all domain controllers to collect additional data from a managed AD domain.
Cayosoft Guardian connects to select an agent on the domain controller to create a backup or connects to a machine in a recovery site to recover this machine as a domain controller.
- Forest Recovery agent connects to all DCs in the environment using WinRM to collect information about every DC.
- Microsoft 365 URLs and IP address ranges: Microsoft 365 URLs and IP address ranges.
- Azure IP Ranges and Service Tags - Public Cloud: Azure IP Ranges and Service Tags – Public Cloud.
Ports used by AD connector
- Cayosoft AD connector collects changes from preferred domain controller from a managed AD domain.
- Cayosoft AD connector collects events from any domain controller from a managed AD domain.
- Cayosoft AD connector tasks and collected data are delivered to Cayosoft Guardian Server.
- Microsoft 365 URLs and IP address ranges: Microsoft 365 URLs and IP address ranges.
- Azure IP ranges and service tags - Public Cloud: Azure IP Ranges and Service Tags – Public Cloud.
- AWS IP address and port requirements - IP address and port requirements
Comments
0 comments
Please sign in to leave a comment.