Communication ports used by Deep Security

Support
Solution ID Last Updated
1060007 Date : 2014/08/08 Time:2:48 AM , (PST)


Product/Version Platform
Deep Security - 7.0, 7.5, 8.0, 9.0, 9.5;
HPUX - 11.x, IBM - AIX, Linux - Red Hat - RHEL 4 32-bit, Linux - Red Hat - RHEL 4 64-bit, Linux - Red Hat - RHEL 5 32-bit, Linux - Red Hat - RHEL 5 64-bit, Linux - Red Hat - RHEL 6 32-bit, Linux - Red Hat - RHEL 6 64-bit, Linux - SuSE - 10, Linux - SuSE - 11, Unix - Solaris (Sun) - version 10 (SunOS 5.10), Unix - Solaris (Sun) - version 9 (SunOS 5.9), VMware - ESX 4.0, VMware - ESX 4.1, VMware - ESX 5.0, VMware - ESXi 4.0, VMware - ESXi 4.1, VMware - ESXi 5.0, VMware - vCenter 5.0, Windows - 2003 Enterprise, Windows - 2008 Enterprise

Problem Description

Learn about the different ports that Deep Security uses to communicate or connect to and from the Deep Security Manager (DSM), Deep Security Agent (DSA), Deep Security Relay (DSR), database communication, virtual appliance communication, and syslog communication.

Solution

Deep Security Manager
PortDirectionPurpose
4118 (TCP/UDP) From Manager to the Agent Agents listening port. Manager-to-Agent communication.
4120 (TCP/UDP) From the Agent to the Manager The "heartbeat" port, used by Deep Security Agents and Appliances to communicate with the Deep Security Manager.
4119 (TCP/UDP) Going to the Deep Security Manager console Used by your browser to connect to Deep Security Manager. Also used for communication from ESXi and requests for security updates by the DSVA.
443 (TCP/UDP) From Manager to VMware vCenter, ESXi Host, vCloud Director, vShield Manager, AWS Server Used to communicate with ESXi (DSVA Deployment), vCloud Director, vCenter and vShield Manager. Used also to retrieve list of computers from Amazon Web Services (AWS).
25 (TCP) From Manager to SMTP server Communication to an SMTP server to send email alerts (configurable: DSM > Administration > System Settings > SMTP).
53 (TCP) From Manager to DNS For DNS lookup
80 (TCP/UDP) From Manager to Active Update server Connection to Trend Micro Update server, Smart Protection Server and global Web Reputation Server.
389, 636, and 3268 (TCP) Manager to LDAP server Connection to an LDAP Server for Active Directory integration (configurable: DSM > Computers > Computers (right-click) > Add Directory wizard). 389 for Non SSL / 636 for SSL.
7 (TCP) From Manager to the Computers The DSM will attempt to use an ICMP echo request to locate a host. If the attempt failed, DSM will try to establish a TCP connection on port 7 (echo) to the target host.
Deep Security Agent
PortDirectionPurpose
4118 (TCP/UDP) From Manager to the Agent Manager-to Agent-communication. Agent's listening port.
4120 (TCP/UDP) From the Agent to the Manager The "heartbeat" port, used by Deep Security Agents and Appliances to communicate with the Deep Security Manager.
5274 (TCP) Outgoing Connection to Local Web Reputation Server
Deep Security Relay
Note: This feature is only available in Deep Security 8.0/9.0.
PortDirectionPurpose
4122 (TCP/UDP) From network members to the Relay Relay listening port. Manager to Relay communication for retrieving components.
80 and 443 (TCP/UDP) From Relay to the Internet iAU Security Updates
Database Communication
PortDirectionPurpose
1433 (TCP/UDP) Bi-directional Microsoft SQL server
1434 (TCP/UDP) Bi-directional Microsoft SQL server
1521 (TCP/UDP) Bi-directional Oracle SQL Server
Virtual Appliance Communication
PortDirectionPurpose
4118 (TCP/UDP) From Manager to the virtual appliance (DSVA) Manager to DSVA communication
4122 (TCP) From Appliance to Relay Relay's listening port. Appliance-to-Relay communication.
80 and 443 (TCP/UDP) From DSVA to VMware vShield Manager Sending Anti-Malware functionality status information to the vShield Manager. Connection to Trend Micro Update server, Smart protection Server and Global Web Reputation Server.
5274 (TCP) Outgoing Connection to Local Web Reputation Server
Syslog Communication
PortDirectionPurpose
514 (TCP/UDP) Bi-directional Communication with Syslog server. (Configurable: DSM > Administration > System Settings > SIEM).


Rate this Solution
Did this article help you?

Please provide your comments to help us improve this solution.

 
  *This form is an automated system. General questions, technical, sales and product-related issues submitted through this form will not be answered.
 
 

Connect with us on