Pro správnou funkci všech služeb, od cloudu až po vyhodnocování neznámých vzorků je potřeba povolit následující porty, jinak nemusí všechny služby správně fungovat.
| A | B | C | D | E | F | |
|---|---|---|---|---|---|---|
1 | ||||||
2 | Component | Direction | Port | Source / Destination | Description | |
3 | Web Console (Control Center) | Inbound | 80 (HTTP) | Any | Access to the Control Center web console, redirect to 443 | |
4 | 443 (HTTPS) | Any | Access to the Control Center web console | |||
5 | Outbound | 27017 | GravityZone Database Server | Access to the GravityZone Database | ||
6 | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | |||
7 | 389 (LDAP) | Active Directory Domain Controller | Active Directory integration | |||
8 | 636 (LDAPS) | |||||
9 | 3268 | Domain Controller Global Catalog | ||||
10 | 3269 | |||||
11 | 443 | NSX Manager | VMware NSX Manager integration | |||
12 | vCenter Server | Communication between GravityZone and vCenter Server | ||||
13 | lv2.bitdefender.com | License validation | ||||
14 | 7074 | GravityZone Update Server | Downloading updates | |||
15 | 7075 | |||||
16 | 9440 | Nutanix Prism Element | Nutanix Prism Element integration | |||
17 | Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster | ||
18 | 4369, 5672, 6150 | GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster | |||
19 | 32002 | Web Console | Communication between Web Console instances when this role is distributed | |||
20 | Communication Server | Inbound | 8443 | Any | Traffic management from/to Security Server, Security Agent, Mobile Client | |
21 | 8080 | Agent running on Windows XP / Windows Server 2003 | Communication between the GravityZone appliance and Security Agent. | |||
22 | Outbound | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | ||
23 | 27017 | GravityZone Database Server | Access to the GravityZone Database | |||
24 | 5228, 5229, 5230 | Firebase Cloud Messaging | Push notifications to Android devices | |||
25 | 443 | Apple Push Notification service: api.push.apple.com | Push notifications to iOS devices. | |||
26 | 7074 | GravityZone Update Server | Downloading updates from the local Update Server | |||
27 | 7075 | |||||
28 | Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster | ||
29 | 4369, 5672, 6150 | GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster | |||
30 | Database Server | Inbound | 27017 | GravityZone Database Server | Access to other GravityZone database instances and replica set members. | |
31 | Outbound | 7074 | GravityZone Update Server | Downloading updates | ||
32 | 7075 | |||||
33 | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | |||
34 | Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster | ||
35 | Update Server | Outbound | 80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Downloading updates from the online Bitdefender Update Servers (the official repository) | |
36 | download.bitdefender.com | Downloading installation kits | ||||
37 | 27017 | GravityZone Database Server | Access to the GravityZone Database | |||
38 | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | |||
39 | 443 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Publishing updates | |||
40 | download.bitdefender.com | Downloading updates | ||||
41 | nimbus.bitdefender.net | Antimalware, antiphishing and content control scanning with Bitdefender Global Protective Network | ||||
42 | Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster | ||
43 | 7074 | GravityZone Update Server | Downloading updates | |||
44 | 7075 | Outside proxy servers (if configured) download.bitdefender.com upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net lv2.bitdefender.com | Handles communication between GravityZone services and the outside world | |||
45 | 7077 | Any | Staging Update Server communication. | |||
46 | Report Builder Database | Inbound | 27017 | Report Builder Processors | Listening for requests | |
47 | Outbound | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | ||
48 | 7074 | GravityZone Update Server | Downloading updates | |||
49 | 7075 | |||||
50 | Both | 22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster | ||
51 | Report Builder Processors | Inbound | 6379 | Communication Server | Listening for requests | |
52 | Outbound | 27017 | GravityZone Report Builder Database | Access to the Report Builder Database | ||
53 | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | |||
54 | Both | 80 | Web Console | Access to Web Console, redirect HTTP request to port 443; Listening for requests | ||
55 | 443 | Web Console | Access to Web Console; Listening for requests | |||
56 | 22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster | |||
57 | Incidents Server | Inbound | 8444 | Security Agent | Traffic between the Security agent and the Incidents server. | |
58 | Relay Agent | Traffic between the Relay agent and the Incidents server. | ||||
59 | Outbound | 27017 | GravityZone Database Server | Access to the GravityZone Database | ||
60 | 7074 | GravityZone Update Server | Downloading updates from the local Update Server | |||
61 | 7075 | |||||
62 | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | |||
63 | Both | 4369, 5672, 6150 | GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster. | ||
64 | 22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster. | |||
65 | Security Agent (BEST, Endpoint Security for Mac) | Outbound | 80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Downloading updates from the online Bitdefender Update Servers (the official repository) | |
66 | lv2.bitdefender.com | License validation | ||||
67 | 7074 | GravityZone Update Server | Downloading updates from GravityZone Update Server | |||
68 | Relay (if available) | Downloading installation packages in the deployment phase from the Relay Communication messages received from endpoints linked to the Relay | ||||
69 | 7076 | Bitdefender Global Protective Network: nimbus.bitdefender.net | Encrypted communication messages (when the Relay is used as a proxy) | |||
70 | 8080, 8443 | Communication Server | Link between the Security Agent and Communication Server Downloading installation packages during deployment (Setup Downloader) | |||
71 | 443 | Web Server | Downloading installation packages during deployment (Setup Downloader) | |||
72 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Downloading updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel | ||||
73 | Sandbox Analyzer Portal: sandbox-portal.gravityzone.bitdefender.com sandbox-portal-us.gravityzone.bitdefender.com | Communication between the feeding sensor and the virtual machines from Sandbox Analyzer Cluster on which the sample is detonated. | ||||
74 | Sandbox Analyzer VA | Communication between the feeding sensor and the virtual machines from Sandbox Analyzer Virtual Appliance on which the sample is detonated. | ||||
75 | nimbus.bitdefender.net | Antimalware, antiphishing and content control scanning with Bitdefender Global Protective Network | ||||
76 | 7081 | Security Server | Antimalware scanning with Security Server | |||
77 | 7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption | |||
78 | Relay Agent | Inbound | 7074 | Security Agent | Communication messages (such as settings and events) received from endpoints linked to the Relay | |
79 | 7076 | Security Agent | Encrypted communication messages proxied from connected endpoints to Bitdefender Global Protective Network: nimbus.bitdefender.net | |||
80 | Outbound | 80 | ||||
81 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Downloading updates from the online Bitdefender Update Servers (the official repository) | ||||
82 | lv2.bitdefender.com | License validation | ||||
83 | 7074 | GravityZone Update Server | Downloading updates from GravityZone Update Server | |||
84 | Relay* (if available) | Downloading installation packages in the deployment phase from another Relay Communication messages received from endpoints linked to the Relay | ||||
85 | 7076 | Bitdefender Global Protective Network: nimbus.bitdefender.net | Encrypted communication messages received from endpoints linked to the Relay Agent | |||
86 | 7081 | Security Server | Antimalware scanning with Security Server | |||
87 | 7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption | |||
88 | 8080, 8443 | Communication Server | Link between the Relay Agent and Communication Server Downloading installation packages during deployment (Setup Downloader) | |||
89 | 443 | Web Server | Downloading installation packages during deployment (Setup Downloader) | |||
90 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Downloading updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel | ||||
91 | nimbus.bitdefender.net/elam/blob | Early Launch Anti-Malware (ELAM) cloud server | ||||
92 | nimbus.bitdefender.net | Antimalware, antiphishing and content control scanning with Bitdefender Global Protective Network | ||||
93 | Bitdefender Tools (vShield) | Outbound | 48651 | Security Server | Antimalware traffic scanning sent by vShield driver | |
94 | 8443 | Communication Server | Link between Bitdefender Tools (for Linux) and Communication Server | |||
95 | Security Server (vShield) | Inbound | 48652 | Any | Communication between the hypervisor and Security Server | |
96 | 6379 | Security Server | Allows traffic between Security Servers for scan cache sharing protocol. | |||
97 | Outbound | 7074 | GravityZone Update Server | Downloading updates from GravityZone Update Server | ||
98 | 8443 | Communication Server | Antimalware traffic scanning sent by vShield driver | |||
99 | 443 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Fallback for downloading updates from the Bitdefender Update Servers (the official repository) over an encrypted channel | |||
100 | 80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Fallback for downloading updates from the Bitdefender Update Servers (the official repository) | |||
101 | Security Server (VMware NSX-T / NSX-V) | Inbound | 48652 | Guest Introspection driver | Communication between the hypervisor and Security Server | |
102 | 6379 | Security Server | Allows traffic between Security Servers for scan cache sharing protocol. | |||
103 | 22 | SSH Server | Allows remote SSH connections and file downloading from the Security Server quarantine. | |||
104 | Outbound | 7074 | GravityZone Update Server | Downloading updates from Update Server | ||
105 | 80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Fallback for downloading updates from the Bitdefender Update Servers (the official repository) | |||
106 | download.bitdefender.com | Downloading installation kits | ||||
107 | 443 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Fallback for downloading updates from the Bitdefender Update Servers (the official repository) over an encrypted channel | |||
108 | download.bitdefender.com | Downloading updates | ||||
109 | 8443 | Communication Server | Link between Security Server and Communication Server | |||
110 | Bitdefender Tools (Multi-Platform) | Outbound | 7081 | Security Server | Antimalware scanning with Security Server | |
111 | 7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption | |||
112 | 8443 | Communication Server | Communication between Bitdefender Tools and Communication Server Downloading installation packages during deployment | |||
113 | 7074 | GravityZone Update Server | Downloading updates | |||
114 | 443 | Web Server | Downloading installation packages during deployment (Setup Downloader) | |||
115 | 80 | nimbus.bitdefender.net | Antimalware scanning with Bitdefender Global Protective Network | |||
116 | Security Server (Multi-Platform) | Inbound | 1344 | Any | Communication between NAS devices compliant with ICAP and Security Server | |
117 | 7081 | Any | Antimalware traffic scanning sent by Security Agent | |||
118 | 7083 | Any | Antimalware traffic scanning sent by Security Agent over SSL | |||
119 | 6379 | Security Server | Allows traffic between Security Servers for scan cache sharing protocol. | |||
120 | Outbound | 443 | nimbus.bitdefender.net/katastif/manager | Anonymized information regarding violations detected by Bitdefender HVI | ||
121 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Fallback for downloading updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel | ||||
122 | download.bitdefender.com | Downloading updates | ||||
123 | nimbus.bitdefender.net | Periodical verification of antimalware detections with Bitdefender Global Protective Network | ||||
124 | 7074 | GravityZone Update Server | Downloading updates from GravityZone Update Server | |||
125 | 8443 | Communication Server | Link between Security Server and Communication Server | |||
126 | 80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Fallback for downloading updates from the Bitdefender Update Servers (the official repository) | |||
127 | download.bitdefender.com | Downloading installation kits | ||||
128 | Sandbox Analyzer VA | Inbound | 443 | Any | Communication between the feeding sensors and the virtual machines from Sandbox Analyzer Virtual Appliance on which the sample is detonated. | |
129 | Outbound | 8443 | Communication Server | Communication between Sandbox Analyzer Virtual Appliance and Communication Server. | ||
130 | Network Security VA | Outbound | 443 | Sandbox Analyzer VA | Communication between the Network Security VA (Network Sensor) and the virtual machines from Sandbox Analyzer Virtual Appliance on which the sample is detonated. | |
131 | 8443 | Communication Server | Communication between Network Security Virtual Appliance (Network Sensor) and Communication Server. | |||
132 | GravityZone Mobile Client | Outbound | 8443 | Communication Server | Mobile Client management | |
133 | 443 | nimbus.bitdefender.net | Antimalware and web security scanning with Bitdefender Global Protective Network (Android devices only) | |||
134 | Secure VPN Cluster | Both | 4500 (UDP) | GravityZone virtual appliances | Used for NAT traversal mode | |
135 | 500 (UDP) | GravityZone virtual appliances | Allows Internet Security Association and Key Management Protocol (ISAKMP) traffic between GravityZone virtual appliances using the IPsec tool. |
Aktualizovaný seznam portů naleznete vždy zde: Bitdefender GravityZone (On-premises) Communication Ports