Firewall Exceptions for Secret Server

For Secret Server to function in a typical environment, the following firewall exceptions should be made:

HTTP for Web Browsers (80 inbound)
HTTPS for Web Browsers (443 inbound)
LDAP for Active Directory synchronization (389 or 636)
Windows Kerberos for AD Authentication if set up on domain (441)
Windows NTLM for AD Authentication if set up on domain (2640)

The following ports should also be open on the database server if it runs on a different machine from the web server:

SQL Connection (1433)
Encrypted SQL Connection (443)

If you are using remote password changing, you will also need to open ports as specified in this KB article:
http://support.thycotic.com/KB/a32/ports-required-for-remote-password-changing.aspx

Article ID: 126, Created On: 11/12/2010, Modified: 12/15/2011