Required ports for firewall

I got my RADIUS/Privacy Idea server running with my VPN but would like to lock down the incoming ports. I looked for a listing of which ports should be opened for the service but didn’t find anything.

Does PrivacyIdea require any ports open on the inbound firewall or just the FreeRadius Server? Thanks

If the RADIUS server is on the same machine like the privacyIDEA server and if your VPN authenticates via RADIUS you only need the RADIUS port for external authentication.

If you want to manage tokens of course you need https. But you could also tunnel https through ssh if you need to manage anything.
Kind regards

Many thanks, Cornelius!