Security Management Center ports

The most important default ports used in communications to and from SMC components are presented in the following illustrations.

Figure: Destination ports for basic communications within the SMC



Figure: Default destination ports for optional SMC components and features



This table lists the default ports SMC uses internally and with external components. Many of these ports can be changed. The names of corresponding default Service elements are also included for your reference.

Table 1. SMC default ports
| Listening host | Port/protocol | Contacting hosts | Service description | Service element name |
|---|---|---|---|---|
| Additional Management Servers | 8902-8913/TCP | Management Server | Database replication (push) to the additional Management Server. | SG Control |
| DNS server | 53/UDP, 53/TCP | Management Client, Management Server, Log Server | DNS queries. | DNS (UDP) |
| LDAP server | 389/TCP | Management Server | External LDAP queries for display/editing in the Management Client. | LDAP (TCP) |
| Log Server | 162/UDP, 5162/UDP | Monitored third-party components | SNMPv1 trap reception from third-party components. Port 162 is used if installed on Windows, port 5162 if installed on Linux. | SNMP (UDP) |
| Log Server | 514/TCP, 514/UDP, 5514/TCP, 5514/UDP | Monitored third-party components | Syslog reception from third-party components. Port 514 is used if installed on Windows, port 5514 if installed on Linux. | Syslog (UDP) [Partial match] |
| Log Server | 2055/UDP | Monitored third-party components | NetFlow or IPFIX reception from third-party components. Port 2055 is used in both Windows and Linux. | NetFlow (UDP) |
| Log Server | 3020/TCP | Log Server, Web Portal Server, NGFW Engines | Alert sending from the Log Server and Web Portal Server. Log and alert messages; monitoring of blacklists, connections, status, and statistics from NGFW Engines. | SG Log |
| Log Server | 8914-8918/TCP | Management Client | Log browsing. | SG Data Browsing |
| Log Server | 8916-8917/TCP | Log Server, Web Portal Server | Database replication (push) to the Log Server; Log browsing on the Web Portal Server. | SG Data Browsing (Web Portal Server) |
| Management Server | 3021/TCP | Log Server, Web Portal Server | System communications certificate request/renewal. | SG Log Initial Contact |
| Management Server | 8902-8913/TCP | Management Client, Log Server, Web Portal Server | Monitoring and control connections. | SG Control |
| Management Server | 3023/TCP | Additional Management Servers, Log Server, Web Portal Server | Log Server and Web Portal Server status monitoring. Status information from an additional Management Server to the active Management Server. | SG Status Monitoring |
| Management Server | 8903, 8907/TCP | Additional Management Servers | Database replication (pull) to the additional Management Server. | SG Control |
| Management Server | 8085/TCP | SMC Web Access clients | Communication for using SMC Web Access. | HTTPS |
| Management Server | 80/TCP, 8080/TCP | Java Web Start clients | Communication for using Java Web Start. | HTTP |
| Monitored third-party components | 161/UDP | Log Server | SNMP status probing to external IP addresses. | SNMP (UDP) |
| NTP server | 123/TCP or UDP | SMC Appliance | Receiving NTP information. | NTP |
| RADIUS server | 1812/UDP | Management Server | RADIUS authentication requests for administrator logon. The default ports can be edited in the properties of the RADIUS Server element. | RADIUS (Authentication) |
| Forcepoint NGFW update service | 443/TCP | SMC servers | Update packages, engine upgrades, and licenses. | HTTPS |
| SMC Appliance | 161/UDP | Third-party components | Requesting health and other information about the SMC Appliance. | SNMP |
| Update servers | 443/TCP | SMC Appliance | Receiving appliance patches and updates. | HTTPS |
| SMC Appliance | 22/TCP | Terminal clients | SSH connections to the command line of the SMC Appliance. Note: Do not use SSH in FIPS mode. | SSH |
| Syslog server | 514/UDP, 5514/UDP | Log Server | Log data forwarding to syslog servers. The default ports can be edited in the LogServerConfiguration.txt file. | Syslog (UDP) [Partial match] |
| Terminal Client; Firewall, Layer 2 Firewall, IPS, Master NGFW Engine | 22/TCP | SMC Appliance | Contacting engines and moving SMC Appliance backups off the appliance. Note: Do not use SSH in FIPS mode. | SSH |
| Third-party components | 2055/UDP | Log Server | NetFlow or IPFIX forwarding to third-party components. Port 2055 is used in both Windows and Linux. | NetFlow (UDP) |
| Third-party components | 162/UDP | SMC Appliance | Sending SNMP status probing to external devices. | SNMP |
| Third-party components | 445/TCP | SMC Appliance | Moving SMC Appliance backups off the appliance. Note: You cannot use CIFS in FIPS mode. | CIFS |
| Web Portal Server | 8931/TCP | Log Server | Connections from the Log Server to the Web Portal Server. | SG Web Portal Control |
| Web Portal Server | 8083/TCP | SMC Web Access clients | Communication for using SMC Web Access. | HTTPS |