Communication ports used by Deep Security

Support
Solution ID Last Updated
1060007 Nov. 26, 2014 2:12 AM (PST)


Product / Version Platform
Deep Security - 8.0, 9.0, 9.5;
HPUX - 11.x, IBM - AIX, Linux - Red Hat - RHEL 4 32-bit, Linux - Red Hat - RHEL 4 64-bit, Linux - Red Hat - RHEL 5 32-bit, Linux - Red Hat - RHEL 5 64-bit, Linux - Red Hat - RHEL 6 32-bit, Linux - Red Hat - RHEL 6 64-bit, Linux - SuSE - 10, Linux - SuSE - 11, Unix - Solaris (Sun) - version 10 (SunOS 5.10), Unix - Solaris (Sun) - version 9 (SunOS 5.9), VMware - ESX 4.0, VMware - ESX 4.1, VMware - ESX 5.0, VMware - ESXi 4.0, VMware - ESXi 4.1, VMware - ESXi 5.0, VMware - vCenter 5.0, Windows - 2003 Enterprise, Windows - 2008 Enterprise

Problem Description

Learn about the different ports that Deep Security uses to communicate or connect to and from the Deep Security Manager (DSM), Deep Security Agent (DSA), Deep Security Relay (DSR), database communication, virtual appliance communication, and syslog communication.

Solution

Deep Security Manager
PortDirectionPurpose
4118 (TCP/UDP) From Manager to the Agent Agents listening port. Manager-to-Agent communication.
4120 (TCP/UDP) From the Agent to the Manager The "heartbeat" port, used by Deep Security Agents and Appliances to communicate with the Deep Security Manager.
4119 (TCP/UDP) Going to the Deep Security Manager console Used by your browser to connect to Deep Security Manager. Also used for Deep Security Relay to retrieve software packages from Deep Security Manager.
443 (TCP/UDP) From Manager to VMware vCenter, ESXi Host, vCloud Director, vShield/NSX Manager, AWS Server Used to communicate with ESXi (DSVA Deployment), vCloud Director, vCenter and vShield/NSX Manager. Used also to retrieve list of computers from Amazon Web Services (AWS).
25 (TCP) From Manager to SMTP server Communication to an SMTP server to send email alerts (configurable: DSM > Administration > System Settings > SMTP).
53 (TCP) From Manager to DNS For DNS lookup
389, 636 (TCP) Manager to LDAP server Connection to an LDAP Server for Active Directory integration (configurable: DSM > Computers > Computers (right-click) > Add Directory wizard). 389 for Non SSL / 636 for SSL.
Deep Security Agent/Virtual Appliance
PortDirectionPurpose
4118 (TCP/UDP) From Manager to the Agent/Appliance Manager-to Agent/Appliance-communication. Agent/Appliance's listening port.
4120 (TCP/UDP) From the Agent/Appliance to the Manager The "heartbeat" port, used by Deep Security Agents and Appliances to communicate with the Deep Security Manager.
5274 (TCP) Outgoing Connection to Local Web Reputation Server
80/443 (TCP) Outgoing Connection to Global Web Reputation Server,Global File Reputation Server and Local File Reputation Server
Deep Security Relay
PortDirectionPurpose
4118 (TCP/UDP) From Manager to the Relay Deep Security Manager sends commnands to Deep Security Relay.
4122 (TCP/UDP) From Manager/Agent to the Relay Relay listening port. Manager to Relay communication for retrieving components, and Agent/Appliance retrieve updatable components
80 and 443 (TCP/UDP) From Relay to the Internet iAU Security Updates
Database Communication
PortDirectionPurpose
1433 (TCP/UDP) Bi-directional Microsoft SQL server
1521 (TCP/UDP) Bi-directional Oracle SQL Server
Syslog Communication
PortDirectionPurpose
514 (TCP/UDP) Bi-directional Communication with Syslog server. (Configurable: DSM > Administration > System Settings > SIEM).


Rate this Solution
Did this article help you?

Please provide your comments to help us improve this solution.

 
  *This form is an automated system. General questions, technical, sales and product-related issues submitted through this form will not be answered.
 
 

Connect with us on