Port Configuration for the Authentication Agent

  1. If you have not done so, download the Synchronization Agent from the TMWS management console and install it in your Intranet.

    The Synchronization Agent connects to your Active Directory to synchronize user and group data with TMWS.

    The data is transmitted over HTTPS on port 443, which is usually open on Firewall A by default, as depicted in the graphic above.

    For details, see Synchronization Agent Configuration.

  2. If you have not done so, download the Authentication Agent from the TMWS management console and install it to a computer in your network.

    For details, see Authentication Agent Configuration.

  3. On Firewall A, open port 443 (or your custom port if you chose another port) to allow any IP to connect to the TMWS Authentication Agent. If your organization requires transparent authentication, open port 80 (or your custom port for transparent authentication).
  4. On Firewall B, open port 389 to allow the TMWS Authentication Agent to connect to the Active Directory.
    Note:

    Putting the Authentication Agent in the DMZ allows users to authenticate regardless of whether they are inside the corporate network (User A) or outside of it (User B). If you deploy the Authentication Agent to the Intranet, only User A, who is inside the corporate network, can authenticate and log on to TMWS.

    Source                            Destination                       Firewall Settings
    --------------------------------  --------------------------------  -------------------------------------------------------------
    Intranet                          TMWS services                     Port 443 on Firewall A (normally open)
    Internet                          TMWS Authentication Agent in DMZ  Port 443 or 80 (for transparent authentication) on Firewall A
    TMWS Authentication Agent in DMZ  Active Directory Server           Port 389 on Firewall B

  5. Deploy the TMWS Synchronization Agent to synchronize user and group data with TMWS.

    See Synchronization Agent Configuration.
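
The port table in step 4 can be used as a baseline when reviewing the rules on Firewall A and Firewall B. The following is an added example, not part of the TMWS documentation or tooling: it checks a rule set for flows from the table that are missing and for rules that are wider than the table requires. The `Rule` format, the zone labels, and the sample rules are assumptions constructed for illustration.

```python
from typing import NamedTuple

ANY = "any"  # wildcard endpoint in a rule (hypothetical notation)

class Rule(NamedTuple):
    firewall: str   # "A" or "B", as named on this page
    src: str
    dst: str
    ports: range    # permitted destination TCP ports

def expected_flows(auth_port=443, transparent_port=None):
    """Flows from the table on this page; agent ports are parameters because custom ports are allowed."""
    flows = [("A", "Intranet", "TMWS services", 443),
             ("A", "Internet", "Authentication Agent", auth_port),
             ("B", "Authentication Agent", "Active Directory", 389)]
    if transparent_port is not None:
        flows.append(("A", "Internet", "Authentication Agent", transparent_port))
    return flows

def permits(rule, flow):
    fw, src, dst, port = flow
    return (rule.firewall == fw and rule.src in (ANY, src)
            and rule.dst in (ANY, dst) and port in rule.ports)

def audit(rules, auth_port=443, transparent_port=None):
    """Return (missing flows, [(rule, reasons)] for rules wider than the table needs)."""
    flows = expected_flows(auth_port, transparent_port)
    missing = [f for f in flows if not any(permits(r, f) for r in rules)]
    too_broad = []
    for r in rules:
        needed = {f[3] for f in flows if permits(r, f)}
        reasons = []
        if set(r.ports) - needed:
            reasons.append("opens ports no listed flow uses")
        if r.dst == ANY or (r.firewall == "B" and r.src == ANY):
            reasons.append("wildcard endpoint")
        if reasons:
            too_broad.append((r, reasons))
    return missing, too_broad

# Constructed sample rule set, not taken from any real firewall.
SAMPLE = [
    Rule("A", "Intranet", "TMWS services", range(443, 444)),
    Rule("A", "Internet", "Authentication Agent", range(443, 444)),
    Rule("B", ANY, "Active Directory", range(1, 1025)),
]

if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE, transparent_port=80)
    print("missing:", missing)
    for rule, reasons in too_broad:
        print("too broad:", rule, reasons)
```

With the sample rules, the Firewall B rule is reported because it accepts any source and opens ports 1 to 1024, although only the Authentication Agent needs to reach port 389.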