Ports needed for Communication between SDA and Clients:
80 -- HTTP (Also needed for SDA ---> RSA)
443-- HTTPS (if SSL
139 -- SAMBA share
135 -- SAMBA share
445 -- SAMBA share (Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UDP).
22 -- SSH Outbound only for Tether connections to Kace.
Please Note: That the tether connection uses only 'outbound' port 22, not inbound port 22, since the
22 -- SSH for syncing to RSA and single sign-on
389 -- LDAP (if using LDAP authentication)
636 -- LDAPS (if using secure LDAP authentication)
67 -- DHCP
69 -- TFTP
4011 -- PXE
52231 -- Upgrade and refresh RSA version
8108 -- Media Manager (Also needed for SDA--->RSA) Kloned Imaging Service
Note: These ports also cover communication between the Systems Deployment Appliance and a Remote Site Appliance.
Ensure routers/firewalls are
The SDA does not have a built-in firewall. The SDA is not recommended for DMZ operations, only for operation on the internal network.
Ports and URL access required for SDA to download driver feed and
HTTP (80) and HTTPS (443) access to service.kace.com and servicecdn.kace.com