Agent network requirements

The agent has the following network requirements.

Agent connection settings

The connection of the agent requires a DHCP server with a configured DNS.

Grant the agent outbound access to:

The Active Directory DNS servers (to query SRV DNS records for the FQDN of Active Directory Domain controllers).
The Active Directory LDAP or LDAPS service (to look up information on Microsoft certificate templates, Active Directory users, and Active Directory machines).

See below for the required outbound ports.

Target port	Protocol	Application	Target service
53	TCP/UDP	DNS	Active Directory DNS
389	TCP	LDAP	Active Directory secured with StartTLS
636	TCP	LDAPS	Active Directory

⚠ If an attempted LDAPS connection fails, the agent switches to LDAP port 389 and attempts to use StartTLS (because plaintext LDAP is not supported).

Grant the agent the outbound access to the ssl.com services.

URI	Target port	Protocol	Application
`ocsp.ssl.com`	443	TCP	HTTPS
`crls.ssl.com`	443	TCP	HTTPS

Grant the agent the following outbound access to the Oracle Yum server.

URI	Target port	Protocol	Application
`yum.oracle.com`	443	TCP	HTTPS

Grant the agent access to the package repository.

Region	URI	Target port	Protocol	Application
EU	`pkihub-eu-prod-rpm.s3.eu-central-1.amazonaws.com`	443	TCP	HTTPS
US	`pkihub-prod-rpm.s3.us-east-1.amazonaws.com`	443	TCP	HTTPS

Grant the agent access to the PKIHub services.

Region	URI	Target port	Protocol	Application
EU	`idp.eu.pkihub.entrust.com`	443	TCP	HTTPS
	`satellite.eu.pkihub.entrust.com`	443	TCP	HTTPS
	`wstep.eu.pkihub.entrust.com`	443	TCP	HTTPS
US	`idp.pkihub.entrust.com`	443	TCP	HTTPS
	`satellite.pkihub.entrust.com`	443	TCP	HTTPS
	`wstep.pkihub.entrust.com`	443	TCP	HTTPS