Ports, protocols, and firewall requirements
- Updated: 2024/11/05
View the default and configurable firewall, port, and protocol requirements for an Automation Anywhere deployment, including the default ports and protocols that must be allowed on the customer's firewall. The default ports used for HTTP/HTTPS are configurable.
- Add Automation Anywhere to the Windows Firewall exception list. Follow the steps as directed by Microsoft for your Windows version.
- Allow communication from Automation Anywhere by adding it to the allowed list in the firewall. Follow the steps in the firewall documentation of the operating system.
- Configure the firewall rules and add the Control Room URLs to the safe recipients list.
- Configure the firewall rules to allow communication on the server or on any firewall appliances configured in between, or add the Control Room URLs to the safe recipients list in the firewall or in end-device browsers.
Refer to the following tables for lists of required ports and their use.
For Automation Co-Pilot (extensions), use the following reference to add entries to your trusted URLs list. See Firewall configuration and trusted URLs for Chrome extension.
Control Room
Protocol | Port | Usage | Clients |
---|---|---|---|
TCP | 1234 | ActiveMQ Health check | Automation 360 Services |
HTTP | 80 | HTTP | Web browsers |
HTTPS | 443 | HTTPS and Web Socket | Web browsers |
TCP | 4575 | Control Room Monitoring Service | Automation 360 Services |
TCP | 5672 | Cluster Messaging | Automation 360 Services |
TCP | 47100 - 47200 | Cluster Messaging and Caching | Automation 360 Services |
TCP | 47500 - 47598 | Cluster Messaging and Caching | Automation 360 Services |
HTTP | 47599 | OpenSearch | Automation 360 Services |
TCP | 47600 | OpenSearch | Automation 360 Services |
HTTP | 4567 | Control Room | Automation 360 Services |
HTTP | 4569 - 4571 | Automation Co-Pilot for Business Users | Automation 360 Services |
TCP | 5800 - 5900 | Automation Co-Pilot for Business Users | Automation 360 Services |
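The Clients column of the table above can be used as a least-privilege check on a firewall allow-list. The following Python script is an added example, not Automation Anywhere code: the ports and usages come from the Control Room table, while the `browsers` and `services` zone names, the rule tuple format and `SAMPLE_RULES` are assumptions constructed for illustration. It reports required ranges that are not fully allowed for their client and service-only ranges that a browser-facing rule overlaps.

```python
# Added example: ports/usages copied from the Control Room table; zones and SAMPLE_RULES are constructed.
CONTROL_ROOM_PORTS = [  # (first_port, last_port, usage, client zone)
    (1234, 1234, "ActiveMQ Health check", "services"),
    (80, 80, "HTTP", "browsers"),
    (443, 443, "HTTPS and Web Socket", "browsers"),
    (4575, 4575, "Control Room Monitoring Service", "services"),
    (5672, 5672, "Cluster Messaging", "services"),
    (47100, 47200, "Cluster Messaging and Caching", "services"),
    (47500, 47598, "Cluster Messaging and Caching", "services"),
    (47599, 47599, "OpenSearch", "services"),
    (47600, 47600, "OpenSearch", "services"),
    (4567, 4567, "Control Room", "services"),
    (4569, 4571, "Automation Co-Pilot for Business Users", "services"),
    (5800, 5900, "Automation Co-Pilot for Business Users", "services"),
]

def covered(rules, zone, lo, hi):
    """True if the zone's rules together allow every port in lo..hi."""
    need = lo
    for first, last in sorted((a, b) for z, a, b in rules if z == zone):
        if first > need:          # gap before the next allowed span
            return False
        need = max(need, last + 1)
        if need > hi:
            return True
    return False

def audit(rules):
    """Return (missing, exposed) lists of (first_port, last_port, usage).
    exposed = services-only ranges that any browser-zone rule overlaps."""
    missing, exposed = [], []
    for lo, hi, usage, client in CONTROL_ROOM_PORTS:
        if not covered(rules, client, lo, hi):
            missing.append((lo, hi, usage))
        if client == "services" and any(
                z == "browsers" and a <= hi and b >= lo for z, a, b in rules):
            exposed.append((lo, hi, usage))
    return missing, exposed

SAMPLE_RULES = [  # constructed allow-list: (source zone, first_port, last_port)
    ("browsers", 80, 80), ("browsers", 443, 443),
    ("browsers", 4000, 5000),  # too broad: overlaps 4567, 4569-4571 and 4575
    ("services", 1234, 1234), ("services", 4567, 4575), ("services", 5672, 5672),
    ("services", 47100, 47200), ("services", 47500, 47600),  # 5800-5900 left out
]

if __name__ == "__main__":
    for label, rows in zip(("MISSING", "EXPOSED"), audit(SAMPLE_RULES)):
        for lo, hi, usage in rows:
            print(f"{label:8} {lo}-{hi}  {usage}")
```
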
Internal ports for localhost services
Port | Protocol |
---|---|
4567 - 4571 | HTTPS REST |
5678 - 5708 | gRPC |
Data center ports and protocols for Automation 360
Default ports are listed for illustration purposes. Some ports can have alternative port numbers specified during Control Room installation. Some port numbers can be modified after Control Room installation. Active Directory ports are listed as an example of enterprise identity management.
After the HTTP/HTTPS connection is established between the Control Room and Bot Agent, communication is sent over WebSocket.
All three objects (the web browser, Bot Agent, and external applications) communicate directly with the Control Room. A user logs in to the Control Room through a browser to do tasks such as creating users, or bot-related tasks such as creating, deploying, and scheduling bots. Bot Agent establishes a connection with the Control Room on registration and keeps it alive in order to receive bot deployments from the Control Room. External applications talk to the Control Room directly through the Control Room APIs to perform tasks such as creating users or running bots.
Connection from | Connection to | Protocol | Port | Usage |
---|---|---|---|---|
Bot Agent | Load balancer or firewall, or both | HTTP and WebSocket | 80 (TCP) Default | HTTP and WebSocket |
Bot Agent | Load balancer or firewall, or both | HTTP and WebSocket | 443 (TCP) | HTTP and WebSocket |
Web Browser | Load balancer or firewall, or both | HTTP and WebSocket | 80 (TCP) | HTTP and WebSocket |
Web Browser | Load balancer or firewall, or both | HTTP and WebSocket | 443 (TCP) | HTTP and WebSocket |
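Control Room services | Enterprise identity management (for example, Active Directory) | LDAP | 389 (TCP) | User authentication |
Control Room services | Enterprise identity management (for example, Active Directory) | LDAP SSL | 636 (TCP) | User authentication |
Control Room services | Enterprise identity management (for example, Active Directory) | LDAP global controller | 3268 (TCP) | User authentication |
Control Room services | Enterprise identity management (for example, Active Directory) | LDAP global controller SSL | 3269 (TCP) | User authentication |
Control Room services | Enterprise identity management (for example, Active Directory) | Kerberos | 88 (TCP and UDP) | User authentication |
Control Room services | File share with Microsoft Server Message Block (SMB) | SMB 2.0 or SMB 3.0 | 445 (TCP) | Repository file share access |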
Control Room services | Microsoft SQL database server | SQL | 1433 (TCP) Configurable | Database access |
Microsoft Azure supported data center elements
Data center object | Supported version | Configuration |
---|---|---|
Control Room operating system | | IaaS |
Identity management: Azure Active Directory | Azure Active Directory | |
SMB File Share | Azure File Share with Server Message Block 2.0 and 3.0 (SMB) protocol | PaaS |
Load Balancer | Azure Load Balancer (Not Application Gateway) | PaaS |
Microsoft SQL server | Azure SQL Database with single database (Microsoft SQL Azure (RTM) - 12.0.2000.8) | PaaS |
Microsoft Azure security policy recommended ports
Data center object | Port | Protocol |
---|---|---|
Control Room | | HTTP/HTTPS |
LDAP | | TCP (LDAPS - Secure TCP) |
Email SMTP | 587 | SMTP |
SSH | 22 | TCP |
RDP | 3389 | TCP |
Google Cloud Platform security policy recommended ports
Data center object | Port | Protocol |
---|---|---|
Load balancer | | |
Firewall | | |
Microsoft SQL Server database | 1433 | TCP |