Applicable Version: 10.00 onwards
Cyberoam provides Clientless Single Sign On in the form of the Cyberoam Transparent Authentication Suite (CTAS). With CTAS, a user is automatically logged on to Cyberoam when he/she logs on to Windows using his/her Windows username and password. Refer to the following articles to implement Clientless SSO in an AD-DC environment:
1. Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment
2. Implement Clientless SSO Authentication in Multiple Active Directory Domain Controller
CTAS configuration on Active Directory requires certain ports to be open for connectivity between Cyberoam and the AD-DC server. If Windows Firewall is active on the AD-DC server for the Public, Private and Domain profiles, it blocks this connectivity while those ports are closed.
· The CTAS Collector installed on the AD-DC server listens on UDP port 6677 for traffic from Cyberoam and sends logon details back on UDP port 6060.
· The CTAS Agent (if installed separately) sends logon details to the Collector on TCP port 5566.
Thus, the local firewall on the Active Directory server requires the mentioned ports to be open for successful connectivity. CTAS can be implemented in multiple AD-DC scenarios. Refer to the following section for the scenario-wise open port requirements in the local firewall:
Scenario 1: One AD-DC is on the network and CTAS Suite is installed on the same.
On DC, where CTAS Suite is installed
· Inbound UDP 6677 port
· Outbound UDP 6060
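The Scenario 1 rules as Windows Firewall commands, given here as an added example that is not part of the original Cyberoam article. The rule names, the group label and the restriction of both rules to the appliance address are assumptions of this example; the address is supplied by the administrator.

```powershell
# Added example: Windows Firewall rules for Scenario 1
# (single AD-DC with the CTAS Suite installed). Run elevated on the AD-DC.
param(
    # Assumption: IP address of the Cyberoam interface that talks to CTAS.
    [Parameter(Mandatory)] [string] $CyberoamAddress
)

# Hypothetical group label, used to find and replace the rules on re-runs.
$group = 'CTAS (Cyberoam)'

# Remove rules left by an earlier run so the script is safe to re-apply.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Settings shared by both rules. Limiting RemoteAddress to the appliance
# keeps the ports closed to every other host (least privilege).
$common = @{
    Group         = $group
    Profile       = @('Domain', 'Private', 'Public')
    Action        = 'Allow'
    RemoteAddress = $CyberoamAddress
}

# Collector listens on UDP 6677 for traffic from Cyberoam.
New-NetFirewallRule @common -DisplayName 'CTAS Collector UDP 6677 in' `
    -Direction Inbound -Protocol UDP -LocalPort 6677 | Out-Null

# Collector sends logon details back to Cyberoam on UDP 6060.
# Only has an effect when the profile's default outbound action is Block;
# Windows Firewall allows outbound traffic by default.
New-NetFirewallRule @common -DisplayName 'CTAS Collector UDP 6060 out' `
    -Direction Outbound -Protocol UDP -RemotePort 6060 | Out-Null

# Show what was created: direction, protocol, ports and permitted peer.
Get-NetFirewallRule -Group $group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $_.DisplayName
        Direction     = $_.Direction
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemotePort    = $port.RemotePort
        RemoteAddress = $addr.RemoteAddress
    }
} | Format-Table -AutoSize
```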
Scenario 2: Two or more domain controllers; One AD-DC with CTAS Suite and other AD-DC with CTAS Agent installed.
On AD-DC, where CTAS Suite is installed
On AD-DC, where CTAS Agent is installed
· Inbound TCP 5566 port
· Outbound TCP 5566 port
Scenario 3: Two or more AD-DCs are installed with CTAS Suite for Fault Tolerance
On all AD-DCs
· Outbound UDP 6060
Document Version: 1.0 – 23 March, 2015