Kron PAM Inbound Ports
Kron PAM Users can connect Kron PAM modules from the ports below. These ports must be open for end-users. Database replication ports must also be open to provide high availability.
Note that all ports below must be open for Kron end-users and VPN users.
Table of Kron PAM Inbound Port Legend includes all Kron PAM modules. Please configure your environment based on the modules that your platform includes.
Service Name | Port Number | Source | Destination | Comments |
|---|---|---|---|---|
Kron PAM WEB GUI | 443 / TCP | End-User | Kron PAM Instances | These ports are used to access the Web GUI of Kron PAM. |
Mobile Application Notification | 9080 / TCP 9443 / TCP | End-User Mobile App | Kron PAM Instances | End-User’s mobile app will use these ports to communicate Kron PAM. |
Kron PAM SSH Proxy | 2222 / TCP | End-User | Kron PAM Instances | End-Users will use Kron PAM’s SSH Proxy via these ports. (Users can connect 2222 port of Kron PAM via an SSH client to use Kron PAM SSH Proxy.) |
Kron PAM S/FTP Proxy | 3333 / TCP | End User | Kron PAM Instances | End-Users will use Kron PAM’s S/FTP Proxy via these ports. |
Platform’s SSH / SFTP | 22 / TCP | Authorized Users (System Admins, Support Engineers) | Kron PAM Instances | This port is used to access to CLI of the device on which Kron PAM is installed. |
Kron PAM SQL Proxy | 5000 / TCP and different ports based on SQL Proxy configuration | End-User | Kron PAM Instances | End-Users will use Kron PAM’s SQL Proxy via these ports. |
Kron PAM HTTP/S Proxy | 7080 / TCP | End-User | Kron PAM Instances | End-Users will use Kron PAM’s HTTP/S Proxy via this port. |
TACACS | 49 / TCP 49 / UDP | End Point / Device | Kron PAM Instances | End-Point/Device will use Kron PAM’s TACACS Module via this port. |
Database Replication | 31417 / TCP  | Between Kron PAM Instances (N to N) | Between Kron PAM Instances (N to N) | These ports are used to provide replication between instances. |
Database | 5444 / TCP | Authorized Users (System Admins, Support Engineers) | Kron PAM Instances | These ports are used to access the Kron PAM database. |
You can check whether a port is open for an end-user on a Windows platform by running the following PowerShell command. This command tries to establish a connection from the IP address of end-users to the related port of the Kron PAM Instance.
Checking the port connectivity:
PS C:\Users\myuser> Test-NetConnection <Kron PAM IP> -p <Desired Port>
Successful connection example:
PS C:\Users\myuser> Test-NetConnection X.X.X.X -p 443 ComputerName : X.X.X.X RemoteAddress : X.X.X.X RemotePort : 443 InterfaceAlias : Ethernet 6 SourceAddress : S.S.S.S TcpTestSucceeded : True
Failed connection example:
You can see a sample of failed connection output. TCPTestSucceeded column is False for failed conditions.
PS C:\Users\myuser> Test-NetConnection X.X.X.X -p 443 WARNING: TCP connect to (X.X.X.X : 443) failed ComputerName : X.X.X.X RemoteAddress : X.X.X.X RemotePort : 443 InterfaceAlias : Ethernet 6 SourceAddress : S.S.S.S PingSucceeded : False PingReplyDetails (RTT) : 0 ms