Configure your firewall and connected products to allow inbound communication to the Service Gateway.
Use the following settings to configure your firewall or open the necessary ports on your virtual host to allow internal, inbound communication from connected products and third-party applications to the Service Gateway.

Important: These ports are strictly for internal network traffic, and the Service Gateway does not require any external inbound ports to be opened.

| Listening Port | Purpose |
|---|---|
| 22 | Secure Shell (SSH) communication, which allows users to remotely access the Service Gateway and execute commands |
| 80 | Service enabled queries for on-premises Active Directory servers, connected Trend Micro products (such as endpoint agents), Predictive Machine Learning, File Reputation Services, or Third-Party Integration. Port 80 is opened for HTTP traffic. |
| 389 | Unencrypted directory queries with on-premises Active Directory servers or other LDAP-compatible directories. Port 389 enables basic LDAP communication for authentication and directory lookups. |
| 443 | Service enabled queries for on-premises Active Directory servers, connected Trend Micro products (such as endpoint agents), Predictive Machine Learning, File Reputation Services, or Third-Party Integration. Port 443 is opened for HTTPS traffic. |
| 445 | File sharing, Windows networking, and Active Directory replication via the Server Message Block (SMB) protocol. Port 445 is needed if Service Gateway interacts with Active Directory for authentication or file-based operations. |
| 636 | Secure directory queries by wrapping LDAP communication in TLS/SSL encryption. Port 636 is used when secure access to Active Directory or LDAP directories is required. |
| 5274 | Web Reputation Services or Web Inspection Service queries. Port 5274 is opened for HTTP traffic. |
| 5275 | Web Reputation Services or Web Inspection Service queries. Port 5275 is opened for HTTPS traffic. |
| 8080 | Forward Proxy Service listening port for connection |
| 8088 | Zero Trust Secure Access On-Premises Gateway listening port for connection |
| 8089 | Zero Trust Secure Access On-Premises Gateway user authentication listening port for connection |
| 1344 | Zero Trust Secure Access On-Premises Gateway ICAP listening port for connection |
| 11344 | Zero Trust Secure Access On-Premises Gateway ICAPS listening port for connection |

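The following added example (not Trend Micro code) audits a list of inbound allow rules against the listening ports above: it flags rules whose source is not limited to internal ranges, rules for ports the Service Gateway does not listen on, and rules for the plaintext ports that the table pairs with an encrypted counterpart. The rule format, the sample rules, and the definition of "internal" as RFC 1918 space are assumptions; substitute your own export format and address ranges.

```python
import ipaddress

# Listening ports taken from the table above.
GATEWAY_PORTS = {22, 80, 389, 443, 445, 636, 5274, 5275, 8080, 8088, 8089, 1344, 11344}

# Plaintext port -> encrypted counterpart, as paired in the table above
# (HTTP/HTTPS, LDAP/LDAPS, ICAP/ICAPS).
PLAINTEXT = {80: 443, 389: 636, 5274: 5275, 1344: 11344}

# Assumption: "internal" means RFC 1918 space. Replace with your own ranges.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(source):
    """True if the source CIDR sits entirely inside one of the INTERNAL ranges."""
    src = ipaddress.ip_network(source)
    return any(src.version == net.version and src.subnet_of(net) for net in INTERNAL)


def audit(rules):
    """Return (rule, finding) pairs for inbound allow rules that target the gateway."""
    findings = []
    for rule in rules:
        port = rule["port"]
        if port not in GATEWAY_PORTS:
            findings.append((rule, "not a Service Gateway listening port"))
            continue
        if not is_internal(rule["source"]):
            findings.append((rule, "source is not restricted to internal ranges"))
        if port in PLAINTEXT:
            findings.append((rule, f"plaintext port; encrypted counterpart is {PLAINTEXT[port]}"))
    return findings


# Constructed sample rules (hypothetical format: source CIDR and destination port).
RULES = [
    {"source": "10.20.0.0/16", "port": 443},    # internal, encrypted: no finding
    {"source": "0.0.0.0/0", "port": 22},        # SSH reachable from any source
    {"source": "192.168.5.0/24", "port": 389},  # internal, but unencrypted LDAP
    {"source": "10.20.0.0/16", "port": 3389},   # port is not in the table
]

if __name__ == "__main__":
    for rule, finding in audit(RULES):
        print(f"{rule['source']} -> {rule['port']}: {finding}")
```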
Firewall requirements for Service Gateway virtual appliance outbound traffic differ depending on your Trend Vision One environment. Refer to Firewall exception requirements for Trend Vision One to ensure you configure the correct "Allow" rules.

Note: Port 443 (HTTPS) is the only outbound port required for the Service Gateway exceptions listed in Firewall exception requirements for Trend Vision One.