How to Configure a Firewall for Specops Password Policy

Internal Communication

| Source | Destination | Protocol | Port |
| --- | --- | --- | --- |
| All DCs | Arbiter(s) | TCP | 4383 |
| Password Policy Administration Tool | Arbiter(s) | TCP | 4383 |
| Password Policy Administration Tool | PDC Emulator | TCP | 4385 |

Breached Password Protection

  • Make sure that the URLs are not blocked by a proxy or firewall.
  • Firewall SSL inspection is not supported. SSL inspection exceptions for the URLs below may be necessary, and the URLs must have outbound access through any proxy or firewall.
  • Make sure 7.3 GB is available to download the list.

The tables below list the URLs or IPs that you need to allow connectivity to for Breached Password Protection to work correctly.

Breached Password Protection Express (Also used for Password Auditor)

Breached Password Protection Express is an on-premise subset of Breached Password Protection Complete, used to block breached passwords in real time at the computer password change prompt. Access is required from systems running Password Policy Domain Administration when downloading the Express list.

| Host | IP Address | Protocol | Port |
| --- | --- | --- | --- |
| breach-protection.specopssoft.com | 20.49.104.8 | TCP | 443 |
| blacklist.specopssoft.com* | 20.49.104.8 | TCP | 443 |
| ocsp.digicert.com | | TCP | 80 |
| cdp.geotrust.com | | TCP | 80 |
| download.specopssoft.com** | Geo load balanced | TCP | 443 |
| crl.godaddy.com | | TCP | 80 |

Breached Password Protection Complete

Breached Password Protection Complete uses the Specops Arbiter component to connect to the Breached Password Protection cloud API and check passwords against the complete list of breached passwords. The following hosts must be accessible from your Arbiter server(s):

| Host | IP Address | Protocol | Port |
| --- | --- | --- | --- |
| breach-protection.specopssoft.com | 20.49.104.8 | TCP | 443 |
| blacklist.specopssoft.com* | 20.49.104.8 | TCP | 443 |
| ocsp.digicert.com | | TCP | 80 |
| cdp.geotrust.com | | TCP | 80 |

*For Specops Password Policy version 7.4 and earlier only
**IP addresses are dynamic based on CDN provider. You can use https://cachecheck.opendns.com to view many of the IP addresses.
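
One way to verify these rules from the server that needs the access (the Arbiter for Complete, the administration tools host for the Express download) is the PowerShell check below. It is an added example, not Specops code: the function name Test-Endpoint and the 5-second timeout are assumptions, and the host list is copied from the tables above. For port 443 it prints the issuer of the certificate actually received; an issuer naming your own proxy or firewall CA instead of a public CA means SSL inspection is still applied to that host.

```powershell
# Added example: hosts and ports copied from the tables on this page.
$endpoints = @(
    @{ Host = 'breach-protection.specopssoft.com'; Port = 443 },
    @{ Host = 'blacklist.specopssoft.com';         Port = 443 },  # 7.4 and earlier only
    @{ Host = 'download.specopssoft.com';          Port = 443 },  # Express list download
    @{ Host = 'ocsp.digicert.com';                 Port = 80 },
    @{ Host = 'cdp.geotrust.com';                  Port = 80 },
    @{ Host = 'crl.godaddy.com';                   Port = 80 }
)

function Test-Endpoint {   # hypothetical helper name
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $result = [ordered]@{ Host = $HostName; Port = $Port; Reachable = $false; Issuer = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        if (-not $task.Wait($TimeoutMs)) { throw "TCP connect timed out after $TimeoutMs ms" }
        $result.Reachable = $true
        if ($Port -eq 443) {
            # Diagnostic only: accept whatever certificate is presented so that an
            # intercepting proxy's certificate is reported instead of failing the handshake.
            $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
            $ssl.AuthenticateAsClient($HostName)
            $result.Issuer = $ssl.RemoteCertificate.Issuer
            $ssl.Dispose()
        }
    } catch {
        $result.Error = $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

$endpoints | ForEach-Object { Test-Endpoint -HostName $_.Host -Port $_.Port } | Format-Table -AutoSize
```

A row with Reachable set to False points to a blocked or unproxied flow; a reachable port 443 row with an internal issuer points to a missing SSL inspection exception.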

Publication date: July 24, 2020
Modification date: December 6, 2024
