Views:
The following section shows the ports that are used with Deep Discovery Director (Consolidated Mode) and why they are used.

Ports used by Deep Discovery Director (Consolidated Mode)

Port
Protocol
Function
Purpose
22
TCP
Listening and outbound
Deep Discovery Director (Consolidated Mode) uses this port to:
  • Connect to the preconfiguration console
  • Download Virtual Analyzer images from an SFTP server
  • Back up configuration settings and data to an SFTP server
25
TCP
Outbound
Deep Discovery Director (Consolidated Mode) uses this port to send alert notifications through SMTP.
53
TCP/UDP
Outbound
Deep Discovery Director (Consolidated Mode) uses this port for DNS resolution.
80
TCP
Outbound
Deep Discovery Director (Consolidated Mode) connects to other computers and integrated Trend Micro products and hosted services through this port.
In particular,Deep Discovery Director (Consolidated Mode) uses this port to:
  • Connect to a proxy server
  • Connect to the Email Encryption service
123
UDP
Outbound
Deep Discovery Director (Consolidated Mode) uses this port to connect to the NTP server to synchronize time.
139
TCP
Outbound
Deep Discovery Director (Consolidated Mode) uses this port to download Virtual Analyzer images from a network folder.
161
UDP
Listening
Deep Discovery Director (Consolidated Mode) uses this port for SNMP agent listening and protocol translation.
162
UDP
Listening and Outbound
Deep Discovery Director (Consolidated Mode) uses this port:
  • For SNMP agent listening and protocol translation
  • To send SNMP trap notifications
443
TCP
Listening and outbound
Deep Discovery Director (Consolidated Mode) uses this port to:
  • Access the management console with a computer through HTTPS
  • Connect to the Customer Licensing Portal
  • Listen to TAXII 1.x and 2.0/2.1 client requests
  • Listen to integrating product or service requests for threat intelligence data
  • Listen to auxiliary product or service requests for threat intelligence data
  • Communicate with auxiliary products or services for threat intelligence sharing
  • Communicate with Deep Discovery appliances
  • Communicate with Deep Discovery Director - Network Analytics as a Service
  • Communicate with the ActiveUpdate server
  • Communicate with Trend Micro Apex Central
  • Communicate with Trend Vision One
445
TCP/UDP
Outbound
Deep Discovery Director (Consolidated Mode) uses this port to download Virtual Analyzer images from a network folder.
601
TCP
Outbound
Deep Discovery Director (Consolidated Mode) uses this port to send logs to a syslog server.
636
TCP
Outbound
Deep Discovery Director (Consolidated Mode) uses this port to retrieve user information from LDAP servers.
4459
TCP
Listening
Deep Discovery Director (Consolidated Mode) uses this port to access the End-User Quarantine console with a computer over HTTPS.
6514
TCP
Listening and Outbound
Deep Discovery Director (Consolidated Mode) uses this port to send logs to a syslog server over TCP with SSL encryption.
8080
TCP
Listening
Deep Discovery Director (Consolidated Mode) uses this port to share threat intelligence with other products.
8883
TCP
Outbound
Deep Discovery Director (Consolidated Mode) uses this port to distribute threat intelligence data to OpenDXL clients, services, and brokers.
18183
TCP
Outbound
Deep Discovery Director (Consolidated Mode) uses this port to distribute threat intelligence data to Check Point Open Platform for Security.