Cayosoft Guardian service separated by a firewall from Active Directory
When the Cayosoft Guardian Service and Active Directory resources are separated by a firewall, the following ports must be opened:
System | Type | Port* | Description |
---|---|---|---|
Service, Domain Controller | TCP | 389 | LDAP |
Service, Domain Controller | TCP | 3268 | LDAP |
Service, Domain Controller | TCP | 5985/5986 | WinRM (Windows Remote Management) |
Service, Network file share | TCP | 139/445 | SMB |
Service | TCP | 443 | HTTPS Connection |
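A reachability check for the domain controller and network file share rows of the table above, added here as an example and not part of Cayosoft's documentation or tooling. The host names are placeholders, and treating the slash-separated ports (5985/5986, 139/445) as alternatives is an assumption; run it from the Cayosoft Guardian service host after the firewall change.

```powershell
# Added example. Host names are placeholders (assumptions); replace with your own.
$DomainController = 'dc01.example.test'
$FileShareHost    = 'fs01.example.test'
$TimeoutMs        = 3000

# Ports copied from the table above. Ports listed together in one entry are
# treated as alternatives (assumption): the entry passes if any one is reachable.
$Checks = @(
    @{ Target = $DomainController; Service = 'LDAP 389';  Ports = @(389) }
    @{ Target = $DomainController; Service = 'LDAP 3268'; Ports = @(3268) }
    @{ Target = $DomainController; Service = 'WinRM';     Ports = @(5985, 5986) }
    @{ Target = $FileShareHost;    Service = 'SMB';       Ports = @(139, 445) }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # A bounded wait separates "silently dropped by the firewall" from a long hang
        $task = $client.ConnectAsync($ComputerName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # refused, unreachable, or name resolution failed
    } finally {
        $client.Close()
    }
}

$results = foreach ($check in $Checks) {
    foreach ($port in $check.Ports) {
        [pscustomobject]@{
            Target  = $check.Target
            Service = $check.Service
            Port    = $port
            Open    = Test-TcpPort -ComputerName $check.Target -Port $port -TimeoutMs $TimeoutMs
        }
    }
}
$results | Format-Table -AutoSize

# Report every table entry for which no listed port answered
$failed = $results | Group-Object Target, Service |
    Where-Object { -not ($_.Group.Open -contains $true) }
if ($failed) {
    $failed | ForEach-Object { Write-Warning "No reachable port for $($_.Name)" }
    exit 1
}
```

A successful TCP connect only shows that the firewall path is open; it does not confirm that the service behind the port accepts the Guardian service account.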
Cayosoft Guardian web portal
The following ports must be open to access the web portal:
System | Type | Port | Description |
---|---|---|---|
Web Portal | TCP | 443 | HTTP/HTTPS Connections |
Cayosoft Guardian AD connector
The following ports must be open to access the AD connector:
System | Type | Port | Description |
---|---|---|---|
AD connector | TCP | 44300/443 | HTTP/HTTPS Connections |
Cayosoft Guardian Forest Recovery Agent
The following ports must be open to access the Forest Recovery Agent:
System | Type | Port | Description |
---|---|---|---|
Service, Agent | TCP | 5985/5986 | WinRM (Windows Remote Management) |
Service, Agent | TCP | 443 | HTTPS Connection |
Network file share, Agent | TCP | 139/445 | SMB |
Microsoft Office 365 Verification/Authentication
For detailed information about Microsoft Office 365 ports and addresses, see the Office 365 URLs and IP address ranges article.
Azure SQL database
For consistent connectivity to SQL Database or dedicated SQL pools (formerly SQL DW) in Azure Synapse, allow network traffic to and from ALL Gateway IP addresses and Gateway IP address subnets for the region. Periodically, Microsoft retires Gateways using old hardware and migrates the traffic to new Gateways following the process outlined in Azure SQL Database traffic migration to newer Gateways.
Note: Use the Gateway IP address subnets so that you are not impacted by this activity in a region.
Find the list of Gateway IP addresses and Gateway IP address subnets in Gateway IP addresses.
Diagrams
PORTS USED BY CAYOSOFT GUARDIAN
- Cayosoft Guardian connects to a single domain controller to collect changes from a managed AD domain.
- Cayosoft Guardian connects to all domain controllers to collect additional data from a managed AD domain.
- Cayosoft Guardian connects to a selected agent on a domain controller to create a backup, or connects to a machine in a recovery site to recover that machine as a domain controller.
- Forest Recovery agent connects to all DCs in the environment using WinRM to collect information about every DC.
- Microsoft 365 URLs and IP address ranges: https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges
- Azure IP Ranges and Service Tags - Public Cloud: https://www.microsoft.com/en-us/download/details.aspx?id=56519.
PORTS USED BY AD CONNECTOR
- Cayosoft AD connector collects changes from the preferred domain controller of a managed AD domain.
- Cayosoft AD connector collects events from any domain controller of a managed AD domain.
- Cayosoft AD connector tasks and collected data are delivered to the Cayosoft Guardian Server.
- Microsoft 365 URLs and IP address ranges: https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges
- Azure IP ranges and service tags - Public Cloud: https://www.microsoft.com/en-us/download/details.aspx?id=56519.
- AWS IP address and port requirements: https://docs.aws.amazon.com/whitepapers/latest/access-workspaces-with-access-cards/ip-address-and-port-requirements.html