000025149 - How to add more Remote Administration ports for SecurID Appliance

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025149
Applies ToRSA Appliance
Remote Administration
IssueHow to add more Remote Administration ports for SecurID Appliance

Remote Administration to the Authentication Manager software on the Appliance will require the following ports:


5550/tcp (RSA SecurID Administration Daemon)

5520/tcp (RSA SecurID Log Database)

5530/tcp (RSA SecurID Server Database)


Including two random TCP ports and these ports are opened by the Authentication Manager to the Remote Administrative software for the transfer of data.


The RSA SecurID Appliance already has the administration daemon, log database, server database and twenty defined ports open. The twenty defined ports for the Authentication Manager software to transfer data to the Remote Administrative software are TCP ports 9000 through to 9020.


Adding additional ports allowing more Remote Administrative connections can be done as follows:


1.       From a remote desktop session, click Start and select Administrative Tools.

2.       From the Administrative Tools submenu, select Routing and Remote Access.

3.       From the Routing and Remote Access list, select IP Routing.

4.       Under IP Routing options, double-click NAT/Basic Firewall.

5.       On the NAT/Basic Firewall page, double-click Local Area Connection.

6.       In the Local Area Connection Properties dialog box, click the Services and Ports tab.

7.       Click Add.

8.       Enter a new description for the service, such as RSA SecurID Database Connection 21

9.       .Select the TCP protocol.

10.    Enter the following values:

Incoming port: 9021
Private address:
Outgoing port: 9021

11.    Click OK.

12.    Click Apply.


Repeat steps 7 through 11, incrementing the port number by a value of one for more ports, as required.

NOTE: Please bear in mind that as you open more ports you are making the RSA SecurID Appliance less secure.


Instructions for installing Remote Administrative software can be found in The RSA Authentication Manager 6.1 for Windows Installation Guide located at URL https://knowledge.rsasecurity.com/docs/rsa_securid/rsa_auth_mgr/61/authmgr_install_windows.pdf and the software (a file called RSA Authentication Manager.msi) is located on the Appliance in the C:\authmgr\installation directory.

NotesRouting and Remote Access (RRAS) on the Appliance has a Nat/Basic Firewall setting on the LAN connection under Ports and Services. There are twenty ports defined with a service name of RSA SecurID Database Connection 0 through to RSA SecurID Database Connection 20.  These ports correspond to the settings in the startup.pf file located in C:\authmgr\rdbms32.
Legacy Article IDa37393