Views:
Server & Workload Protection components communicate over your network. They use:
Before deployment, your network administrator might need to configure firewalls, AWS security groups, and web proxies to allow those network services.
Note
Note
Default settings are shown. Many network settings are configurable. For example, if your network has a web proxy, you could configure agents to connect through it on port 1443, instead of directly to Server & Workload Protection on port 443. If you change the default settings, then firewalls must allow communications via the new settings instead.
For a basic overview, see the network diagram below. For details, see the required port numbers, IP addresses, and URLs tables after the diagram.
ports-diagram-dsaas=55900467-32c9-435a-82b9-92f3c916655e.png

Required Server & Workload Protection IP addresses and port numbers

The table below is organized by source address (the deployment component which starts the TCP connection or UDP session). Replies (packets in the same connection but opposite direction, from the destination address) usually must be allowed, too.
Server & Workload Protection servers usually have dynamic IP addresses (that is, other computers in your deployment use DNS queries to find the current IP address of a Server & Workload Protection FQDN when required). For the list of Server & Workload Protection domain names, see Required Server & Workload Protection URLs.
Some ports are required only if you use specific components and features. Some services might have static IP addresses. These exceptions and optional features are indicated.
Note
Note
All ports in the table are destination ports (also called listening ports). Like many software, Server & Workload Protection also uses a range of dynamic, ephemeral source ports when opening a socket. Rarely, ephemeral source ports might be blocked, which causes connectivity issues. If that happens, then you must also open the source ports.
Source Address
Destination Address
Port (Default)
Protocol
Administrator's computer
DNS server
53
DNS over UDP
NTP server
123
NTP over UDP
Server & Workload Protection
443
HTTPS over TCP
Server & Workload Protection
Subnets:
  • Australia:
    3.26.127.96/27
  • Canada:
    3.99.65.64/27
  • Germany:
    3.69.198.64/27
  • India:
    3.108.13.32/27
  • Japan:
    35.75.131.96/27
  • Singapore:
    13.214.15.0/27
  • UK:
    18.169.230.160/27
  • USA:
    3.140.136.224/27
514
Syslog over UDP
6514
Syslog over TLS
Agents,
Note
Note
4118
HTTPS over TCP
Agents
DNS server
53
DNS over UDP
NTP server
123
NTP over UDP
514
Syslog over UDP
Server & Workload Protection
443
HTTPS over TCP
4122
HTTPS over TCP
Smart Protection Network
80
HTTP over TCP
443
HTTPS over TCP
8080
HTTP over TCP
80
HTTP over TCP
443
HTTPS over TCP
5274
HTTP over TCP
5275
HTTPS over TCP
4122
HTTPS over TCP
Localhost
(on relays, its agent connects locally, not to a remote relay)
Only configure if the server's other software uses the same port (a port conflict), or if host firewalls such as iptables or Windows Firewall block localhost connections (server connecting internally to itself). Network firewalls do not need to allow this port because localhost connections do not reach the network.
4123
N/A
80
HTTP over TCP
443
HTTP over TCP
Download Center, or its mirror on a local web server(if any)
Accounts created before 2020-11-23:
443
HTTPS over TCP
DNS server
53
DNS over UDP
NTP server
123
NTP over UDP
Server & Workload Protection
443
HTTPS over TCP
VMware vCenter
443
HTTPS over TCP
Microsoft Active Directory
389
STARTTLS and LDAP over TCP and UDP
636
LDAPS over TCP and UDP
DNS server
53
DNS over UDP
NTP server
123
NTP over UDP
Trend Micro Smart Protection Network(for File Reputation feature)
80
HTTP over TCP
443
HTTPS over TCP
Server & Workload Protection
443
HTTPS over TCP