RSA RADIUS is installed and configured with RSA Authentication Manager. All the RADIUS-related ports (1645, 1646, 1812, 1813, and 7082) on the Authentication Manager server are open by default.
The RADIUS standard initially used UDP ports 1645 and 1646 for RADIUS authentication and accounting packets. The RADIUS standards group later changed the port assignments to 1812 and 1813. The Authentication Manager RADIUS server listens on all four ports for backward compatibility. If all the RADIUS clients are configured to talk to the RADIUS servers only on ports 1812 and 1813, you should block legacy ports 1645 and 1646 on the external firewall.
If you do not plan to use RSA RADIUS, but you have replica instances in your deployment, you must keep the TCP ports 1812 and 1813 open on your network. These ports are required for tasks such as replica attachment, replica promotion, and IP address and hostname changes. You can close the RADIUS authentication UDP ports 1812 and 1813.