[Freeipa-users] Confirming no extra/special ports need to be opened for replication traffic?

Chris Dagdigian dag at sonsorol.org
Wed Dec 14 16:50:26 UTC 2016


Been reading various generations of documentation to find out if I need 
additional TCP or UDP ports opened for IPA replication between 
VPN-connected datacenters.

I think the modern answer is no? We just need the standard IPA ports 
open between all of the IPA master/replicas that chat to each other?

                 TCP Ports:
                   * 80, 443: HTTP/HTTPS
                   * 389, 636: LDAP/LDAPS
                   * 88, 464: kerberos
                   * 53: bind
                 UDP Ports:
                   * 88, 464: kerberos
                   * 53: bind
                   * 123: ntp


-Chris




