Summary
Learn about the different ports that Deep Security uses to communicate or connect to and from the Deep Security Manager (DSM), Deep Security Agent (DSA), Deep Security Relay (DSR), database communication, virtual appliance communication, and syslog communication.
The information below is for Deep Security On-Premise only. For Deep Security as a Service (DSaaS), please check this article: Restricting Outbound Access from Agents over Port 443.
Details
Deep Security Manager
| Port | Direction | Purpose |
|---|---|---|
| 4118 (TCP) | From Manager to Agent | Agents listening port. Manager-to-Agent communication. |
| 4120 (TCP) | From the Agent to Manager | The "heartbeat" port, used by Deep Security Agents and Appliances to communicate with the Deep Security Manager. |
| 4119 (TCP) | Going to Deep Security Manager console | Used by your browser to connect to Deep Security Manager. Also used for Deep Security Relay to retrieve software packages from Deep Security Manager. |
| 443 (TCP) | From Manager to VMware vCenter, ESXi Host, vCloud Director, vShield/NSX Manager, AWS Server | Used to communicate with ESXi (DSVA Deployment), vCloud Director, vCenter and vShield/NSX Manager. Used also to retrieve list of computers from Amazon Web Services (AWS). |
| 25 (TCP) | From Manager to SMTP server | Communication to an SMTP server to send email alerts (configurable: DSM > Administration > System Settings > SMTP). |
| 53 (TCP) | From Manager to DNS | For DNS lookup |
| 389, 636 (TCP) | Manager to LDAP server | Connection to an LDAP Server for Active Directory integration (configurable: DSM > Computers > Computers (right-click) > Add Directory wizard). 389 for Non SSL / 636 for SSL. |
Deep Security Agent/Virtual Appliance
| Port | Direction | Purpose |
|---|---|---|
| 4118 (TCP) | From Manager to Agent/Appliance | Manager-to Agent/Appliance-communication. Agent/Appliance's listening port. |
| 4120 (TCP) | From Agent/Appliance to Manager | The "heartbeat" port, used by Deep Security Agents and Appliances to communicate with the Deep Security Manager. |
| 5274 (TCP) | Outgoing | Connection to Local Web Reputation Server |
| 80/443 (TCP) | Outgoing | Connection to Global Web Reputation Server,Global File Reputation Server and Local File Reputation Server |
Deep Security Relay
| Port | Direction | Purpose |
|---|---|---|
| 4118 (TCP) | From Manager to the Relay | Deep Security Manager sends commands to Deep Security Relay. |
| 4122 (TCP) | From Manager/Agent to the Relay | Relay listening port. Manager to Relay communication for retrieving components, and Agent/Appliance retrieve updatable components |
| 80 and 443 (TCP) | From Relay to Internet | iAU Security Updates |
Database Communication
| Port | Direction | Purpose |
|---|---|---|
| 1433 (TCP) | Bi-directional | Microsoft SQL server |
| 1521 (TCP) | Bi-directional | Oracle SQL Server |
Syslog Communication
| Port | Direction | Purpose |
|---|---|---|
| 514 (UDP) | Manager-Initiated | Communication with Syslog server. (Configurable: DSM > Administration > System Settings > SIEM). |
Control Manager (TMCM) Communication
| Port | Direction | Purpose |
|---|---|---|
| 80 or 443 | Outgoing destination port | Connection with TMCM |
| 4119 | Source port from DSM | Connection with TMCM |
For more information, refer to this Deep Security Help Center article: Port numbers, URLs, and IP addresses.
