Secure Global Desktop Administration Guide > Security > What ports does Secure Global Desktop use?

What ports does Secure Global Desktop use?

This page lists the ports used by Secure Global Desktop and their purpose. It also lists the direction and protocol information needed to configure firewalls for use with Secure Global Desktop. The ports are divided into ports used for:

connections between client devices and Secure Global Desktop servers;
connections between Secure Global Desktop servers;
connections between Secure Global Desktop servers and application servers; and
connections to authentication services and directory services.

Ports used for connections between client devices and Secure Global Desktop servers

Source	Destination	Destination port	Purpose
Client	Web server on the Secure Global Desktop host	80/tcp	Standard, unencrypted HTTP requests and responses used to display webtops.
Client	Web server on the Secure Global Desktop host	443/tcp	Secure, encrypted HTTPS requests and responses used to display webtops.
Client	Secure Global Desktop server	3144/tcp	Standard, unencrypted connections used for control and application display updates.
Client	Secure Global Desktop server	5307/tcp	SSL-based secure, encrypted connections to Secure Global Desktop servers which are using the Sun Secure Global Desktop Security Pack. Used for control and application display updates.

Notes

Client devices must be able to access the web server on any host on which Secure Global Desktop is installed.
If you are using Secure Global Desktop in "firewall forwarding mode", all the traffic that would normally flow through ports 443 and 5307 flows only through the firewall forwarding port, which is usually port 443.
Ports 80 and 443 are registered ports for web servers.
Ports 3144 and 5307 are ports registered for use only by Secure Global Desktop.

Ports used for connections between Secure Global Desktop servers

Source	Destination	Destination port	Purpose
Secure Global Desktop server	Another Secure Global Desktop server	515/tcp	Used when moving print jobs from one Secure Global Desktop server to another using the `tarantella print move` command.
Secure Global Desktop server	Another Secure Global Desktop server	5427/tcp	Used for connections between Secure Global Desktop servers to allow array replication and sharing of both static and dynamic data across the array.

Notes

Connections on port 5427 are required to establish and run arrays.
All array members must be able to connect to any other member of the array.
Port 5427 is registered for use only by Secure Global Desktop.

Ports used for connections between Secure Global Desktop servers and application servers

Source	Destination	Destination port	Purpose
Secure Global Desktop server	Application server	22/tcp	Used to connect to X and character applications using Secure SHell (SSH).
Secure Global Desktop server	Application server	23/tcp	Used to connect to Windows, X and character applications using telnet.
Application server	Secure Global Desktop server	137/udp	Used for WINS services with client drive mapping. The server binds to this port at start-up only if WINS services are currently enabled.
Application server	Secure Global Desktop server	139/tcp	Used for client drive mapping services. The server binds to this port at start-up, whether or not client drive mapping services are currently enabled.
Secure Global Desktop server	Application server	512/tcp	Used to connect to X applications using rexec.
Application server	Secure Global Desktop server	515/tcp	Used to send print jobs from the application server to a Secure Global Desktop server.
Secure Global Desktop server	Application server	3389/tcp	Used to connect to Windows applications configured to use the Microsoft RDP protocol.
Secure Global Desktop server	Application server	3579/tcp	Used for connections between the primary Secure Global Desktop server and the Secure Global Desktop load balancing service running on an application server.
Application server	Secure Global Desktop server	3579/udp	Used for connections between the Secure Global Desktop load balancing service running on an application server and the primary Secure Global Desktop server.
Secure Global Desktop server	Application server	5999/tcp	Used to connect to Windows applications, if the application configured to use the Wincenter protocol and the connection method is telnet. The Wincenter protocol is no longer supported but may be used by legacy Windows application objects,
Application server	Secure Global Desktop server	6010/tcp and above	Used to connect X applications with the protocol engines running on the Secure Global Desktop server.

Notes

Ports 22, 23, 512, 3389 and 5999 only need to be opened if they are required to run applications through Secure Global Desktop. The ports actually used depends on the application type, the connection method used to log in to the application server and (for Windows applications) the protocol used.
Ports 137 and 139 may be used by products providing Windows file and print services, such as Samba. You only need to open these ports if you are using client drive mapping.
Ports 3579 tcp and udp are ports registered for use only by Secure Global Desktop. You only need to open these ports if you are using Secure Global Desktop Advanced Load Management.
Port 5500 is only required if you are using the SecurID login authority. For the RSA ACE/Agent to authenticate to the Master ACE/Server through a firewall, port 5500/udp must be open from the Agent IP to the Master and Slave IP.
Ports 6010/tcp and above are not used if the Secure Global Desktop server connects to the application server using SSH and port forwarding is enabled.

Ports used for connections to authentication services and directory services

Source	Destination	Destination port	Purpose
Secure Global Desktop server	Windows server	88/udp or tcp	Used to authenticate users from a Windows domain.
Secure Global Desktop server	Windows server	137/udp	Used to authenticate users from a Windows NT domain.
Secure Global Desktop server	Windows server	139/tcp	Used to authenticate users from a Windows NT domain.
Secure Global Desktop server	LDAP directory server	389/tcp	Used to authenticate users and/or provide webtop content using LDAP.
Secure Global Desktop server	Windows server	464/udp or tcp	Used to allow users to change their password if it has expired.
Secure Global Desktop server	LDAP directory server	636/tcp	Used to authenticate users and/or provide webtop content using SSL-based LDAP (LDAPS).
RSA SecurID/ACE Server^®	Secure Global Desktop server	1024/udp to 65535/udp	Used to authenticate users using SecurID/ACE.
Secure Global Desktop server	Windows server	3268/tcp	Used to authenticate users from a Windows domain.
Secure Global Desktop server	RSA SecurID/ACE Server	5500/udp	Used to authenticate users using SecurID/ACE.

Notes

Ports 88, 464 and 3268 are only required if you are using the Active Directory login authority. Ports 88 and 464 can be either udp or tcp depending on the packet size and your Kerberos configuration, see enabling the Active Directory login authority for details.
Ports 137 and 139 may be used by products providing Windows file and print services, such as Samba. You only need to open these ports if you are using the NT login authority.
Ports 389/636 are only required if you are using the LDAP login authority or Directory Services Integration.
Ports 1024 to 65535 are only required if you are using the SecurID login authority. For the RSA ACE/Server^® to communicate to the RSA ACE/Agent^® through a firewall, all ports from 1024 to 65535/udp must be open from the Master and Slave IPs to the Agent IPs.
Port 5500 is only required if you are using the SecurID login authority. For the RSA ACE/Agent to authenticate to the Master ACE/Server through a firewall, port 5500/udp must be open from the Agent IP to the Master and Slave IP.

Related topics
Security and Secure Global Desktop Using Secure Global Desktop with firewalls What is an array? Introducing application server load balancing