Security policies and firewall rules
Learn about hybrid environments' security policies and firewall rules.
- Ensure that security policies and firewall rules allow traffic from all nodes in the Cloudera on cloud (public cloud) network to the on-premises ports used by Runtime services. Refer to Ports Used by Cloudera Runtime Components for the list of ports typically used by Runtime components.
- Ensure that security policies and firewall rules allow traffic between your FreeIPA instance and your Active Directory Domain Controller. Direct communication between FreeIPA servers and Active Directory Domain Controllers is required over a range of ports for various protocols.
The following table details the essential ports that must be opened between all FreeIPA Trust Controllers and all Active Directory Domain Controllers.
| Port | Protocol | Service Name | Direction | Purpose |
|---|---|---|---|---|
| 53 | TCP/UDP | DNS | Bidirectional | Name and Service Record Resolution |
| 88 | TCP/UDP | Kerberos | Bidirectional | Authentication, Ticket Granting |
| 123 | UDP | NTP | Bidirectional | Time Synchronization |
| 135 | TCP | RPC Endpoint Mapper (EPMAP) | Bidirectional | LSA RPC for Trust Management |
| 138 | UDP | NetBIOS Datagram Service | Bidirectional | NetBIOS Communication |
| 139 | TCP | NetBIOS Session Service | Bidirectional | NetBIOS Communication |
| 389 | TCP/UDP | LDAP | Bidirectional | User/Group Resolution, Trust Validation |
| 445 | TCP | SMB/CIFS | Bidirectional | Trust Creation (IPC$ share access) |
| 464 | TCP/UDP | Kerberos Password Change | Bidirectional | Kerberos kpasswd service |
| 636 | TCP | LDAPS | IPA -> AD | Secure User/Group Resolution (if configured) |
| 3268 | TCP | LDAP Global Catalog (GC) | IPA -> AD | Forest-wide User/Group lookups |
| 3269 | TCP | LDAPS Global Catalog (GC) | IPA -> AD | Secure Forest-wide lookups (if configured) |
| 49152-65535 | TCP | RPC Dynamic Ports | Bidirectional | High ports for RPC communication initiated via EPMAP |
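The following Python script, added here as an example and not part of the Cloudera documentation, probes TCP reachability from a FreeIPA trust controller to an Active Directory Domain Controller for every TCP port in the table above, so a blocked rule can be found before the trust is created. It assumes a resolvable DC hostname supplied by the caller (the probe function is injectable, so the bucketing logic can be exercised without network access); UDP-only rows (NTP, NetBIOS Datagram) and the UDP half of the TCP/UDP rows cannot be verified by a handshake and are reported for manual checking.

```python
import socket
from typing import Callable, Dict, List, Tuple

# Port table from the trust-controller <-> domain-controller requirements above.
# The RPC dynamic range is only sampled (first few ports), not probed in full.
TRUST_PORTS = [
    ("53", "TCP/UDP", "DNS"),
    ("88", "TCP/UDP", "Kerberos"),
    ("123", "UDP", "NTP"),
    ("135", "TCP", "RPC Endpoint Mapper"),
    ("138", "UDP", "NetBIOS Datagram"),
    ("139", "TCP", "NetBIOS Session"),
    ("389", "TCP/UDP", "LDAP"),
    ("445", "TCP", "SMB/CIFS"),
    ("464", "TCP/UDP", "Kerberos kpasswd"),
    ("636", "TCP", "LDAPS"),
    ("3268", "TCP", "LDAP Global Catalog"),
    ("3269", "TCP", "LDAPS Global Catalog"),
    ("49152-65535", "TCP", "RPC Dynamic Ports"),
]

def parse_ports(spec: str, sample: int = 3) -> List[int]:
    """'389' -> [389]; '49152-65535' -> the first `sample` ports of the range."""
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        return list(range(lo, min(hi, lo + sample - 1) + 1))
    return [int(spec)]

def tcp_connect(host: str, port: int, timeout: float = 2.0) -> bool:
    """Real probe: True only if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_trust_ports(host: str, probe: Callable[[str, int], bool] = tcp_connect) -> Dict[str, List[Tuple[int, str]]]:
    """Bucket each listed service as open, blocked, or manual (UDP-only rows:
    a handshake cannot verify them; the UDP half of TCP/UDP rows is not probed)."""
    result: Dict[str, List[Tuple[int, str]]] = {"open": [], "blocked": [], "manual": []}
    for spec, proto, name in TRUST_PORTS:
        if "TCP" not in proto:
            result["manual"].append((int(spec), name))
            continue
        for port in parse_ports(spec):
            result["open" if probe(host, port) else "blocked"].append((port, name))
    return result
```

Run `check_trust_ports("<AD DC hostname>")` from each FreeIPA trust controller and open any firewall rule that lands a port in the `blocked` list; the `manual` list is the set of UDP services to verify with a tool such as a DNS or NTP query.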
