Home
Alerts, reporting, troubleshooting
Local RADIUS/TACACS+ instances
In this collection of topics, you will learn how to troubleshoot problems with the operation of the local RADIUS/TACACS+ instances.
Firewall open ports TACACS+
In this topic, you will learn how to configure your firewall to make sure that the local TACACS+ instance can communicate with the cloud TACACS+ instances.

Alerts, reporting, troubleshooting
- Portnox Cloud alerts
  In this topic, you will learn what are alerts in Portnox™ Cloud, where to find them, and how to use them effectively.
- AAA Logs
  In this topic, you will learn what are AAA logs in Portnox™ Cloud, where to find them, and how to use them effectively.
- Reporting service
  In this topic, you will learn what is the Portnox™ Cloud reporting service and how to download and/or schedule different types of reports.
- Preventive and reactive measures
  In this collection of topics, you will learn what you can do to prevent service outages and how to react if such outages happen.
- Monitoring mode
  In this collection of topics, you will learn how to use the monitoring mode to safely onboard devices without risking the loss of network access.
- Portnox Cloud onboarding
  In this collection of topics, you will learn how to troubleshoot problems with onboarding devices to a network managed by Portnox™ Cloud.
- Portnox Cloud RADIUS
  In this collection of topics, you will learn how to troubleshoot problems with Portnox™ Cloud RADIUS server connectivity.
- Portnox Active Directory Broker
  In this collection of topics, you will learn how to troubleshoot problems with the installation and operation of the Portnox™ Active Directory Broker.
- Portnox AgentP
  In this collection of topics, you will learn how to troubleshoot problems with the installation and operation of the Portnox™ AgentP.
- Local RADIUS/TACACS+ instances
  In this collection of topics, you will learn how to troubleshoot problems with the operation of the local RADIUS/TACACS+ instances.
  - Troubleshooting using SSH
    In this topic, you will learn how to troubleshoot problems with the operation of the local RADIUS or local TACACS+ instance in a virtual machine by using the PuTTY application, the SSH protocol, and Linux shell commands.
  - Firewall open ports RADIUS
    In this topic, you will learn how to configure your firewall to make sure that the local RADIUS instance can communicate with the cloud RADIUS instances.
  - Firewall open ports TACACS+
    In this topic, you will learn how to configure your firewall to make sure that the local TACACS+ instance can communicate with the cloud TACACS+ instances.
- Guest network (captive portal)
  In this collection of topics, you will learn how to troubleshoot problems with the Portnox Cloud guest network service and its captive portal.
- Integrations
  In this collection of topics, you will learn how to troubleshoot problems with Portnox Cloud integrations such as those with authentication repositories, endpoint management solutions, and more.
- Conditional Access for Applications
  In this collection of topics, you will learn how to troubleshoot problems with Portnox Conditional Access to Applications.

How to set up the firewall for the local TACACS+ instance to connect to Portnox Cloud

In this topic, you will learn how to configure your firewall to make sure that the local TACACS+ instance can communicate with the cloud TACACS+ instances.

You need to open the following ports on your firewall:


FQDN	Protocol	Ports	Direction
tm-tacacs-aahandler-prod.portnox.com	TCP	443	Outbound
tacacs-aahandler-aks-clear-prod-eus.portnox.com	TCP	443	Outbound
tacacs-aahandler-aks-clear-prod-weu.portnox.com	TCP	443	Outbound
tm-tacacs-prod.portnox.com	TCP	443	Outbound
tacacs-aks-clear-prod-eus.portnox.com	TCP	443	Outbound
tacacs-aks-clear-prod-weu.portnox.com	TCP	443	Outbound
tacacs-prod-eastus.servicebus.windows.net	TCP	443	Outbound
tacacs-prod-westeu.servicebus.windows.net	TCP	443	Outbound
tacacsprodus.blob.core.windows.net	TCP	443	Outbound
logs-consolidation-prod-eastus.servicebus.windows.net	TCP	443	Outbound
logs-consolidation-prod-westeu.servicebus.windows.net	TCP	443	Outbound

Warning: Since Microsoft services can change their public IP addresses (as has happened in the past), we recommend avoiding the use of static IP addresses. Instead, use fully qualified domain names (FQDNs) as listed above.

If your firewall software does not support FQDNs or encounters issues, such as failing to recognize some IP addresses resolved from the FQDNs, you can use this official Azure script to retrieve the IP addresses associated with an Azure FQDN. You can then add all these IP addresses to the firewall instead of the FQDNs. However, be sure to regularly monitor connectivity and check for any updates, as Microsoft may add or remove IP addresses over time.