Communication Port Requirements
The management center communicates with managed devices using a two-way, SSL-encrypted communication channel on port 8305/tcp. This port must remain open for basic communication.
Other ports allow secure management, as well as access to external resources required by specific features. In general, feature-related ports remain closed until you enable or configure the associated feature. Do not change or close an open port until you understand how this action will affect your deployment.
Port | Protocol/Feature | Platforms | Direction | Details |
---|---|---|---|---|
7/UDP | UDP/audit logging | Management Center | Outbound | Verify connectivity with the syslog server when configuring audit logging. |
53/tcp 53/udp | DNS | | Outbound | DNS |
67/udp 68/udp | DHCP | | Outbound | DHCP |
123/udp | NTP | | Outbound | Synchronize time. |
162/udp | SNMP | | Outbound | Send SNMP alerts to a remote trap server. |
389/tcp 636/tcp | LDAP | | Outbound | Communicate with an LDAP server for external authentication. Obtain metadata for detected LDAP users (Management Center only). Configurable. |
443/tcp | HTTPS | Management Center | Inbound | Allow inbound connection to port 443 if you are onboarding the management center with an on-premises Secure Device Connector. |
443/tcp | HTTPS | Management Center | Outbound | Allow outbound traffic from port 443 if onboarding the management center to CDO using the cloud connector. |
443/tcp | HTTPS | Management Center | Outbound | Allow outbound connection for port 443 if onboarding the management center using SecureX. |
443/tcp | HTTPS | | Outbound | Send and receive data from the internet. |
514/udp | Syslog (alerts) | | Outbound | Send alerts to a remote syslog server. |
1812/udp 1813/udp | RADIUS | | Outbound | Communicate with a RADIUS server for external authentication and accounting. Configurable. |
8305/tcp | Appliance communications | | Both | Securely communicate between appliances in a deployment. Configurable. If you change this port, you must change it for all appliances in the deployment. We recommend you keep the default. |
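
An added example, not vendor code and not part of the original page: a Python check that classifies connection records against the port matrix above, so you can see which documented ports are actually in use, and which flows fall outside the table, before closing anything. The record layout (oriented by initiator), the `enabled` feature set, the feature labels and the sample addresses are assumptions made for illustration.

```python
from collections import namedtuple

# Assumed record layout: one entry per connection, oriented by its initiator.
Flow = namedtuple("Flow", "proto initiator responder dport")
MATRIX = {}  # (port, proto) -> {"in" / "out": feature label}

def _row(ports, direction, feature):
    for spec in ports.split():
        port, proto = spec.split("/")
        for d in (("in", "out") if direction == "both" else (direction,)):
            MATRIX.setdefault((int(port), proto), {})[d] = feature

# Rows transcribed from the table on this page.
_row("7/udp", "out", "audit logging")
_row("53/tcp 53/udp", "out", "DNS")
_row("67/udp 68/udp", "out", "DHCP")
_row("123/udp", "out", "NTP")
_row("162/udp", "out", "SNMP")
_row("389/tcp 636/tcp", "out", "LDAP")
_row("443/tcp", "in", "HTTPS (onboarding)")  # label is shorthand, not the page's
_row("443/tcp", "out", "HTTPS")
_row("514/udp", "out", "Syslog (alerts)")
_row("1812/udp 1813/udp", "out", "RADIUS")
_row("8305/tcp", "both", "Appliance communications")
ALWAYS_ON = {"Appliance communications"}  # 8305/tcp must remain open

def audit(flow, mc_ip, enabled):
    """Classify one flow; `enabled` is the set of features you have configured."""
    if mc_ip not in (flow.initiator, flow.responder):
        return "not-management-center"
    direction = "out" if flow.initiator == mc_ip else "in"
    feature = MATRIX.get((flow.dport, flow.proto), {}).get(direction)
    if feature is None:
        return "undocumented"  # port/direction pair absent from the table
    if feature in ALWAYS_ON or feature in enabled:
        return "expected: " + feature
    return "feature-not-enabled: " + feature

# Constructed sample flows using documentation address ranges, not real traffic.
MC = "192.0.2.10"
SAMPLE = [Flow("tcp", MC, "192.0.2.20", 8305),
          Flow("tcp", "192.0.2.20", MC, 8305),
          Flow("udp", MC, "198.51.100.5", 514),
          Flow("udp", "198.51.100.9", MC, 514),
          Flow("tcp", MC, "203.0.113.7", 4444)]

def run():
    return [audit(f, MC, enabled={"DNS", "NTP"}) for f in SAMPLE]
```

A `feature-not-enabled` verdict means the port is in the table but the associated feature is not in your `enabled` set, which is worth reconciling before you tighten firewall rules.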