Home Admin Deployment Ports Guide
On this page
Expand Collapse To understand how the components of StrongDM work together, first look at the How StrongDM Works pages. This page details the network ports that need to be opened in order for the various components to successfully communicate.
All ports listed are TCP unless otherwise noted.
Client #
US
UK
EU
Destination Port Type Requirement Description app.strongdm.com 443 Egress Required Allows communication with StrongDM to authenticate users and obtain information such as available resources and routing information api.strongdm.com 443 Egress Required Allows CLI commands to make calls to StrongDM API endpoints downloads.strongdm.com 443 Egress Required Allows updates to the software to be downloaded checkip.amazonaws.com 443 Egress Optional Allows information to be derived from public IP, such as for connection troubleshooting 1.1.1.1 53 (UDP) Egress Optional Cloudflare fallback for DNS resolution of StrongDM endpoints if default DNS fails Gateway Custom Egress Required Clients egress to gateways (default 5000) Client (loopback) 65220 Ingress Required Required for the CLI to be able to report on state/status Client (loopback) 65230 Ingress Required Required to allow proxy traffic for web resources Client (loopback) Custom Ingress Required Configured inbound port override for each resource to which the client has access
Destination Port Type Requirement Description app.uk.strongdm.com 443 Egress Required Allows communication with StrongDM to authenticate users and obtain information such as available resources and routing information api.uk.strongdm.com 443 Egress Required Allows CLI commands to make calls to StrongDM API endpoints downloads.uk.strongdm.com 443 Egress Required Allows updates to the software to be downloaded checkip.amazonaws.com 443 Egress Optional Allows information to be derived from public IP, such as for connection troubleshooting 1.1.1.1 53 (UDP) Egress Optional Cloudflare fallback for DNS resolution of StrongDM endpoints if default DNS fails Gateway Custom Egress Required Clients egress to gateways (default 5000) Client (loopback) 65220 Ingress Required Required for the CLI to be able to report on state/status Client (loopback) 65230 Ingress Required Required to allow proxy traffic for web resources Client (loopback) Custom Ingress Required Configured inbound port override for each resource to which the client has access
Destination Port Type Requirement Description app.eu.strongdm.com 443 Egress Required Allows communication with StrongDM to authenticate users and obtain information such as available resources and routing information api.eu.strongdm.com 443 Egress Required Allows CLI commands to make calls to StrongDM API endpoints downloads.eu.strongdm.com 443 Egress Required Allows updates to the software to be downloaded checkip.amazonaws.com 443 Egress Optional Allows information to be derived from public IP, such as for connection troubleshooting 1.1.1.1 53 (UDP) Egress Optional Cloudflare fallback for DNS resolution of StrongDM endpoints if default DNS fails Gateway Custom Egress Required Clients egress to gateways (default 5000) Client (loopback) 65220 Ingress Required Required for the CLI to be able to report on state/status Client (loopback) 65230 Ingress Required Required to allow proxy traffic for web resources Client (loopback) Custom Ingress Required Configured inbound port override for each resource to which the client has access
Relays #
US
UK
EU
Destination Port Type Requirement Description app.strongdm.com 443 Egress Required Allows communication with StrongDM to authenticate and obtain information such as routing information and credential information for resources downloads.strongdm.com 443 Egress Required Allows updates to the software to be downloaded checkip.amazonaws.com 443 Egress Optional Allows information to be derived from public IP, such as the Admin UI “Location” field for gateways/relays 1.1.1.1 53 (UDP) Egress Optional Cloudflare fallback for DNS resolution of StrongDM endpoints if default DNS fails Gateway Custom Egress Required Egress to gateways in order to securely establish connections through which to allow traffic (default 5000) Resource Custom Egress Required Egress to resources Secret Stores Custom Egress Required May reach out to the configured secret store (if any) and acquire credentials to connect to the target resource
Destination Port Type Requirement Description app.uk.strongdm.com 443 Egress Required Allows communication with StrongDM to authenticate and obtain information such as routing information and credential information for resources downloads.uk.strongdm.com 443 Egress Required Allows updates to the software to be downloaded checkip.amazonaws.com 443 Egress Optional Allows information to be derived from public IP, such as the Admin UI “Location” field for gateways/relays 1.1.1.1 53 (UDP) Egress Optional Cloudflare fallback for DNS resolution of StrongDM endpoints if default DNS fails Gateway Custom Egress Required Egress to gateways in order to securely establish connections through which to allow traffic (default 5000) Resource Custom Egress Required Egress to resources Secret Stores Custom Egress Required May reach out to the configured secret store (if any) and acquire credentials to connect to the target resource
Destination Port Type Requirement Description app.eu.strongdm.com 443 Egress Required Allows communication with StrongDM to authenticate and obtain information such as routing information and credential information for resources downloads.eu.strongdm.com 443 Egress Required Allows updates to the software to be downloaded checkip.amazonaws.com 443 Egress Optional Allows information to be derived from public IP, such as the Admin UI “Location” field for gateways/relays 1.1.1.1 53 (UDP) Egress Optional Cloudflare fallback for DNS resolution of StrongDM endpoints if default DNS fails Gateway Custom Egress Required Egress to gateways in order to securely establish connections through which to allow traffic (default 5000) Resource Custom Egress Required Egress to resources Secret Stores Custom Egress Required May reach out to the configured secret store (if any) and acquire credentials to connect to the target resource
Gateways #
US
UK
EU
Destination Port Type Requirement Description app.strongdm.com 443 Egress Required Allows communication with StrongDM to authenticate and obtain information such as routing information and credential information for resources downloads.strongdm.com 443 Egress Required Allows updates to the software to be downloaded checkip.amazonaws.com 443 Egress Optional Allows information to be derived from public IP, such as the Admin UI “Location” field for gateways/relays 1.1.1.1 53 (UDP) Egress Optional Cloudflare fallback for DNS resolution of StrongDM endpoints if default DNS fails Gateway Custom Egress Required Egress to other gateways dependent upon your network topology (default 5000) Resource Custom Egress Required Egress to resources Secret Stores Custom Egress Required May reach out to the appropriate secret store (if any) and acquire credentials to connect to the target resource Advertised Port Custom Ingress Required Ingress allowed from clients, gateways, and relays (default 5000)
Destination Port Type Requirement Description app.uk.strongdm.com 443 Egress Required Allows communication with StrongDM to authenticate and obtain information such as routing information and credential information for resources downloads.uk.strongdm.com 443 Egress Required Allows updates to the software to be downloaded checkip.amazonaws.com 443 Egress Optional Allows information to be derived from public IP, such as the Admin UI “Location” field for gateways/relays 1.1.1.1 53 (UDP) Egress Optional Cloudflare fallback for DNS resolution of StrongDM endpoints if default DNS fails Gateway Custom Egress Required Egress to other gateways dependent upon your network topology (default 5000) Resource Custom Egress Required Egress to resources Secret Stores Custom Egress Required May reach out to the appropriate secret store (if any) and acquire credentials to connect to the target resource Advertised Port Custom Ingress Required Ingress allowed from clients, gateways, and relays (default 5000)
Destination Port Type Requirement Description app.eu.strongdm.com 443 Egress Required Allows communication with StrongDM to authenticate and obtain information such as routing information and credential information for resources downloads.eu.strongdm.com 443 Egress Required Allows updates to the software to be downloaded checkip.amazonaws.com 443 Egress Optional Allows information to be derived from public IP, such as the Admin UI “Location” field for gateways/relays 1.1.1.1 53 (UDP) Egress Optional Cloudflare fallback for DNS resolution of StrongDM endpoints if default DNS fails Gateway Custom Egress Required Egress to other gateways dependent upon your network topology (default 5000) Resource Custom Egress Required Egress to resources Secret Stores Custom Egress Required May reach out to the appropriate secret store (if any) and acquire credentials to connect to the target resource Advertised Port Custom Ingress Required Ingress allowed from clients, gateways, and relays (default 5000)
Scripts That Use the API #
US
UK
EU
Destination Port Type Requirement Description api.strongdm.com 443 Egress Required Required for calling API endpoints
Destination Port Type Requirement Description api.uk.strongdm.com 443 Egress Required Required for calling API endpoints
Destination Port Type Requirement Description api.eu.strongdm.com 443 Egress Required Required for calling API endpoints
Active Directory Domain Controllers for RDP Certificate Auth #
US
UK
EU
Destination Port Type Requirement Description app.strongdm.com 443 Egress Required Allows communication with StrongDM to obtain information such as the Certificate Revocation List
Destination Port Type Requirement Description app.uk.strongdm.com 443 Egress Required Allows communication with StrongDM to obtain information such as the Certificate Revocation List
Destination Port Type Requirement Description app.eu.strongdm.com 443 Egress Required Allows communication with StrongDM to obtain information such as the Certificate Revocation List