Network Matrix for Transport Layer Security (TLS) Mode
The illustration below shows the network matrix for a TLS platform with the required protocol and port.
Based on this diagram, the networks flows are as follows:
|
Network Flows |
To | From | Tenable’s Usage |
Type of Traffic |
Protocol and Port |
|---|---|---|---|---|---|
| 1. | Tenable Security Probe | Customer’s Domain Controllers |
Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
LDAP/LDAPS |
TCP/389 and TCP/636 ICMP/echo-request ICMP/echo-response |
|
Replication, User and Computer Authentication, Group Policy, Trusts |
SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc |
TCP/445 |
|||
|
User and Computer Authentication, Forest Level Trusts |
Kerberos |
TCP/88, TCP/464 and UDP/464 |
|||
|
User and Computer Authentication, Name Resolution, Trusts |
DNS |
UDP/53 and TCP/53 |
|||
|
Replication, User and Computer Authentication, Group Policy, Trusts |
RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS |
TCP Dynamic (> 1024) |
|||
|
Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
Global Catalog |
TCP/3268 and TCP/3269 |
|||
|
Replication |
RPC Endpoint Mapper |
TCP/135 |
|||
|
|
Tenable Security probe | Tenable Identity Exposure SaaS platform |
Tenable’s security probe TLS Tunnel |
Advanced Message Queuing Protocol encrypted in TLS |
TCP/5671 |
|
|
End-users | Tenable Identity Exposure SaaS platform |
Tenable’s end-user services (Web portal, REST API, etc.) |
TLS/HTTP |
TCP/443 |
Depending on your Tenable Identity Exposure configuration, you may need to allow additional flows by opening these protocols and ports between Tenable Identity Exposure and the targeted service.
|
Network Flows |
To | From |
Tenable’s Usage (optional) |
Type of Traffic |
Protocol and Port |
|---|---|---|---|---|---|
| 4. | Tenable Identity Exposure SaaS platform | Support services |
Email notifications |
SMTP |
TCP/25, TCP/587, TCP/465, TCP/2525, TCP/25025
|
|
Syslog notifications |
Syslog |
TCP/601, TCP/6515, UDP/514 (depending on the event log server’s configuration) |
|||
|
Tenable REST API |
TLS /HTTP |
TCP/443 |
|||
|
PKI infrastructure |
HTTP/HTTPS |
TCP/80 or TCP/443 |
|||
|
Identity provider SAML server |
TLS/HTTP |
TCP/443 |
|||
|
Identity provider LDAP |
LDAP/LDAPS |
TCP/389 and TCP/636 |
|||
|
Identity provider OAuth |
HTTPS |
TCP/443 |