Ports, protocols, and firewall requirements

View the default and configurable firewall, port, and protocol requirements for Automation Anywhere deployment. View the default ports and protocols that are required to be allowed on customer's firewall for Automation Anywhere deployment. The default ports that are used for HTTP/HTTPS are configurable.

  • Add Automation Anywhere to the Windows Firewall exception list. Follow the steps as directed by Microsoft for your Windows version.
  • Allow communication from Automation Anywhere by adding it to the allowed list in firewall. Follow the steps in the firewall documentation of the operating system.
  • Configure the firewall rules and add the Control Room URLs to safe recipients list.
  • Configure the firewall rules to allow communication on the server or the firewall appliances that are configured in between, or add the Control Room URLs to the safe recipients list in firewall or end device browsers.

Refer to the following tables for lists of required ports and their use.

Control Room

Important: It is critical that communication between the Control Room servers is properly protected. The communication between Control Room servers contain security sensitive information. Therefore, in addition to allowing all the required communication directly between the Control Room cluster servers, you should block all the inbound traffic from hosts except for HTTP/HTTPS ports to communicate with the Control Room servers.
Protocol Port Usage Clients
HTTP 80 HTTP

Web browsers
HTTPS 443

HTTPS and

Web Socket

Web browsers
TCP/UDP 1234 ActiveMQ Automation 360 Services
TCP 5672 Cluster Messaging Automation 360 Services
TCP 47100 - 47200 Cluster Messaging and Caching Automation 360 Services
TCP 47500 - 47598 Cluster Messaging and Caching Automation 360 Services
HTTP 47599 Elasticsearch Automation 360 Services
TCP 47600 Elasticsearch Automation 360 Services
HTTP 4567 Control Room Automation 360 Services
HTTP

4569 - 4571

 Automation Co-Pilot Automation 360 Services
TCP

5800 - 5900

 Automation Co-Pilot Automation 360 Services

Internal ports for localhost services

Note that the following internal ports are used for Automation 360 localhost services:
Port Protocol
4567 - 4571 HTTPS REST
5678 - 5707 gRPC

Data center ports and protocols for Automation 360

Configure each of the data center components that are required for Control Room integration. In the image below, Control Room components are shown in orange and data center components provided by your organization are shown in blue.

Note: The arrows in the image indicates the combination of communicating hosts and does not indicate the direction of the establishing the connection.

Data center components labeled with port numbers for communications with Control Room

Default ports are listed for illustration purposes. Some ports can have alternative port numbers specified during Control Room installation. Some port numbers can be modified after Control Room installation. Active Directory ports are listed as an example of an enterprise identity management.

After the HTTP/HTTPS connection is established between the Control Room and Bot Agent, the communication will be bidirectional (inbound and outbound) using the WebSocket .

All three objects, the web browser, Bot Agent, and external applications communicate directly with the Control Room. A user logs into the Control Room through a browser, to do tasks, such as creating users, or bot related tasks, such as creating, deploying, and scheduling bots. Bot Agent establishes a connection with the Control Room on registration and keeps it alive in order to receive bot deployments from the Control Room. External applications talk to the Control Room directly through the Control Room APIs to perform tasks such as creating users or running bots.

Connection from Connection to Protocol Port Usage
Bot Agent Load balancer or firewall, or both HTTP and WebSocket 80 (TCP) Default HTTP and WebSocket
Bot Agent Load balancer or firewall, or both HTTP and WebSocket 443 (TCP) HTTP and WebSocket
Web Browser Load balancer or firewall, or both HTTP and WebSocket 80 (TCP) HTTP and WebSocket
Web Browser Load balancer or firewall, or both HTTP and WebSocket 443 (TCP) HTTP and WebSocket
Control Room services Enterprise identity management (for example, Active Directory) LDAP 389 (TCP) User authentication
LDAP SSL 636 (TCP) User authentication
LDAP global controller 3268 (TCP) User authentication
LDAP global controller SSL 3269 (TCP) User authentication
Kerberos 88 (TCP and UDP) User authentication
Control Room services

File share with Microsoft Server Message Block (SMB)

 SMB 2.0 or SMB 3.0 445 (TCP) Repository file share access
Control Room services Microsoft SQL database server SQL 1433 (TCP) Configurable Database access

Microsoft Azure supported data center elements

Data center object Supported version Configuration
Control Room operating system
  • Microsoft Windows Server 2012 and 2012 R2 Datacenter
  • Microsoft Windows Server 2016 Standard and Datacenter
  • Microsoft Windows Server 2019 Standard and Datacenter
 IaaS
Identity management: Azure Azure Active Directory
  • IDaaS
  • Windows 2016 for IaaS
Azure File Share with Server Message Block 2.0 and 3.0 (SMB) protocol PaaS
Azure Load Balancer (Not Application Gateway) PaaS
Azure SQL Database with single database (Microsoft SQL Azure (RTM) - 12.0.2000.8) PaaS

Microsoft Azure security policy recommended ports

Data center object Port Protocol
Control Room
  • 80
  • 443
 HTTP/HTTPS
LDAP
  • 3268
  • 3269
 TCP (LDAPS - Secure TCP)
email SMTP 587 SMTP
SSH 22 TCP
RDP 3389 TCP

Google Cloud Platform security policy recommended ports

Data center object Port Protocol
Load balancer
  • 80
  • 443
  • HTTP
  • HTTPS
Firewall
  • 80
  • 443
  • 1433
  • HTTP
  • HTTPS
  • TCP
Microsoft SQL Server database 1433 TCP