Required RSA RADIUS Server Listening Ports

Document created by RSA Information Design and Development on Jun 13, 2017. Last modified by RSA Information Design and Development on Jun 24, 2019.
Version 11

RSA RADIUS is installed and configured with RSA Authentication Manager. All the RADIUS-related ports (1645, 1646, 1812, 1813, and 7082) on the Authentication Manager server are open by default.

The RADIUS standard initially used UDP ports 1645 and 1646 for RADIUS authentication and accounting packets. The RADIUS standards group later changed the port assignments to 1812 and 1813. The Authentication Manager RADIUS server listens on all four ports for backward compatibility. If all the RADIUS clients are configured to talk to the RADIUS servers only on ports 1812 and 1813, you should block legacy ports 1645 and 1646 on the external firewall.

Whether or not you use RSA RADIUS, if you have replica instances in your deployment, you must allow connections between Authentication Manager instances on TCP ports 1812 and 1813. These ports are required for tasks such as replica attachment, replica promotion, and IP address and hostname changes. You should restrict connections from other systems that are not Authentication Manager instances. For example, use your external firewall to block access or use additional layers of network protection to block unauthorized internal users.

If you do not plan to use RADIUS, you can close the RADIUS authentication UDP ports 1812 and 1813.
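
The two firewall decisions above (whether any client still depends on legacy UDP ports 1645 and 1646, and whether anything other than an Authentication Manager instance reaches TCP ports 1812 and 1813) can be checked against firewall flow logs before rules are changed. The following is an added example, not RSA code; the IP addresses, the "src dst proto dport" record format, and all function names are assumptions made for illustration.

```python
# Constructed values (assumptions, not from the page): documentation-range IPs.
AM_INSTANCES = {"192.0.2.10", "192.0.2.11"}   # primary and replica instances
LEGACY_UDP = {1645, 1646}                     # original RADIUS port assignments
CURRENT_PORTS = {1812, 1813}                  # current port assignments

# Constructed flow records in a hypothetical "src dst proto dport" format.
SAMPLE_FLOWS = """\
198.51.100.7 192.0.2.10 udp 1812
198.51.100.9 192.0.2.10 udp 1645
192.0.2.11 192.0.2.10 tcp 1812
203.0.113.50 192.0.2.10 tcp 1813
198.51.100.7 192.0.2.11 udp 1813
not a flow record
"""

def classify(src, dst, proto, dport):
    """Return a finding name for one flow, or None if the guidance allows it."""
    if dst not in AM_INSTANCES:
        return None
    if proto == "udp" and dport in LEGACY_UDP:
        return "legacy-port-in-use"           # a client still depends on 1645/1646
    if proto == "tcp" and dport in CURRENT_PORTS and src not in AM_INSTANCES:
        return "non-am-source-on-tcp-1812-1813"
    return None

def audit(flow_text):
    """Parse flow records and return (finding, src, dst, proto, dport) tuples."""
    findings = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue                          # skip malformed records
        src, dst, proto, dport = fields[0], fields[1], fields[2].lower(), int(fields[3])
        finding = classify(src, dst, proto, dport)
        if finding:
            findings.append((finding, src, dst, proto, dport))
    return findings

def legacy_clients(findings):
    """Sources to move to 1812/1813 before the legacy ports are blocked."""
    return sorted({f[1] for f in findings if f[0] == "legacy-port-in-use"})

if __name__ == "__main__":
    results = audit(SAMPLE_FLOWS)
    for finding in results:
        print(*finding)
    print("reconfigure before blocking 1645/1646:", legacy_clients(results))
```

An empty result from `legacy_clients` over a representative log window indicates that blocking ports 1645 and 1646 will not interrupt any RADIUS client.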