Communication Port Requirements

The management center communicates with managed devices using a two-way, SSL-encrypted communication channel on port 8305/tcp. This port must remain open for basic communication.

Other ports allow secure management, as well as access to external resources required by specific features. In general, feature-related ports remain closed until you enable or configure the associated feature. Do not change or close an open port until you understand how this action will affect your deployment.

Communication Port Requirements
Port	Protocol/Feature	Platforms	Direction	Details
7/UDP	UDP/audit logging	Management Center	Outbound	Verify connectivity with the syslog server when configuring audit logging.
53/tcp 53/udp	DNS		Outbound	DNS
67/udp 68/udp	DHCP		Outbound	DHCP
123/udp	NTP		Outbound	Synchronize time.
162/udp	SNMP		Outbound	Send SNMP alerts to a remote trap server.
389/tcp 636/tcp	LDAP		Outbound	Communicate with an LDAP server for external authentication. Obtain metadata for detected LDAP users (Management Center only). Configurable.
443/tcp	HTTPS	Management Center	Inbound	Allow inbound connection to port 443 if you are onboarding the management center with an on-premises Secure Device Connector.
443/tcp	HTPS	Management Center	Outbound	Allow outbound traffic from port 443 if onboarding the management center to CDO using the cloud connector.
443/tcp	HTPS	Management Center	Outbound	Allow outbound connection for port 443 if onboarding the management center using SecureX.
443/tcp	HTTPS		Outbound	Send and receive data from the internet.
514/udp	Syslog (alerts)		Outbound	Send alerts to a remote syslog server.
1812/udp 1813/udp	RADIUS		Outbound	Communicate with a RADIUS server for external authentication and accounting. Configurable.
8305/tcp	Appliance communications		Both	Securely communicate between appliances in a deployment. Configurable. If you change this port, you must change it for all appliances in the deployment. We recommend you keep the default.