Deep Security Manager

| Port | Direction | Purpose |
|---|---|---|
| 4118 (TCP) | From Manager to Agent | Agent's listening port. Manager-to-Agent communication. |
| 4120 (TCP) | From the Agent to Manager | The "heartbeat" port, used by Deep Security Agents and Appliances to communicate with the Deep Security Manager. |
| 4119 (TCP) | Going to Deep Security Manager console | Used by your browser to connect to Deep Security Manager. Also used for Deep Security Relay to retrieve software packages from Deep Security Manager. |
| 443 (TCP) | From Manager to VMware vCenter, ESXi Host, vCloud Director, vShield/NSX Manager, AWS Server | Used to communicate with ESXi (DSVA Deployment), vCloud Director, vCenter and vShield/NSX Manager. Also used to retrieve the list of computers from Amazon Web Services (AWS). |
| 25 (TCP) | From Manager to SMTP server | Communication to an SMTP server to send email alerts (configurable: DSM > Administration > System Settings > SMTP). |
| 53 (TCP) | From Manager to DNS | For DNS lookup |
| 389, 636 (TCP) | From Manager to LDAP server | Connection to an LDAP server for Active Directory integration (configurable: DSM > Computers > Computers (right-click) > Add Directory wizard). 389 for non-SSL / 636 for SSL. |

Deep Security Agent/Virtual Appliance

| Port | Direction | Purpose |
|---|---|---|
| 4118 (TCP) | From Manager to Agent/Appliance | Manager-to-Agent/Appliance communication. Agent/Appliance's listening port. |
| 4120 (TCP) | From Agent/Appliance to Manager | The "heartbeat" port, used by Deep Security Agents and Appliances to communicate with the Deep Security Manager. |
| 5274 (TCP) | Outgoing | Connection to Local Web Reputation Server |
| 80/443 (TCP) | Outgoing | Connection to Global Web Reputation Server, Global File Reputation Server and Local File Reputation Server |

Deep Security Relay

| Port | Direction | Purpose |
|---|---|---|
| 4118 (TCP) | From Manager to the Relay | Deep Security Manager sends commands to Deep Security Relay. |
| 4122 (TCP) | From Manager/Agent to the Relay | Relay listening port. Manager-to-Relay communication for retrieving components; Agents/Appliances also use it to retrieve updatable components. |
| 80 and 443 (TCP) | From Relay to Internet | iAU Security Updates |

Database Communication

| Port | Direction | Purpose |
|---|---|---|
| 1433 (TCP) | Bi-directional | Microsoft SQL server |
| 1521 (TCP) | Bi-directional | Oracle SQL Server |

Syslog Communication

| Port | Direction | Purpose |
|---|---|---|
| 514 (UDP) | Manager-Initiated | Communication with Syslog server. (Configurable: DSM > Administration > System Settings > SIEM). |

Control Manager (TMCM) Communication

| Port | Direction | Purpose |
|---|---|---|
| 80 or 443 | Outgoing destination port | Connection with TMCM |
| 4119 | Source port from DSM | Connection with TMCM |

For more information, refer to this Deep Security Help Center article: Port numbers, URLs, and IP addresses.
