Security Management Center ports
The most important default ports used in communications to and from SMC components are presented in the following illustrations.
Figure: Destination ports for basic communications within the SMC
Figure: Default destination ports for optional SMC components and features
This table lists the default ports SMC uses internally and with external components. Many of these ports can be changed. The names of corresponding default Service elements are also included for your reference.
| Listening host | Port/protocol | Contacting hosts | Service description | Service element name |
|---|---|---|---|---|
| Additional Management Servers | 8902- 8913/TCP | Management Server | Database replication (push) to the additional Management Server. | SG Control |
| DNS server | 53/UDP, 53/TCP | Management Client, Management Server, Log Server | DNS queries. | DNS (UDP) |
| LDAP server | 389/TCP | Management Server | External LDAP queries for display/editing in the Management Client. | LDAP (TCP) |
| Log Server | 162/UDP, 5162/UDP | Monitored third-party components |
SNMPv1 trap reception from third-party components. Port 162 is used if installed on Windows, port 5162 if installed on Linux. |
SNMP (UDP) |
| Log Server | 514/TCP, 514/UDP, 5514/TCP, 5514/UDP | Monitored third-party components |
Syslog reception from third-party components. Port 514 is used if installed on Windows, port 5514 if installed on Linux. |
Syslog (UDP) [Partial match] |
| Log Server | 2055/UDP | Monitored third-party components | NetFlow or IPFIX reception from third-party components. Port 2055 is used in both Windows and Linux. | NetFlow (UDP) |
| Log Server | 3020/TCP | Log Server, Web Portal Server, NGFW Engines |
Alert sending from the Log Server and Web Portal Server. Log and alert messages; monitoring of blacklists, connections, status, and statistics from NGFW Engines. |
SG Log |
| Log Server | 8914-8918/TCP | Management Client | Log browsing. | SG Data Browsing |
| Log Server | 8916-8917/TCP | Log Server, Web Portal Server | Database replication (push) to the Log Server; Log browsing on the Web Portal Server. | SG Data Browsing (Web Portal Server) |
| Management Server | 3021/TCP | Log Server, Web Portal Server | System communications certificate request/renewal. | SG Log Initial Contact |
| Management Server | 8902-8913/TCP | Management Client, Log Server, Web Portal Server | Monitoring and control connections. | SG Control |
| Management Server | 3023/TCP | Additional Management Servers, Log Server, Web Portal Server |
Log Server and Web Portal Server status monitoring. Status information from an additional Management Server to the active Management Server. |
SG Status Monitoring |
| Management Server | 8903, 8907/TCP | Additional Management Servers | Database replication (pull) to the additional Management Server. | SG Control |
| Management Server | 8085/TCP | SMC Web Access clients | Communication for using SMC Web Access. | HTTPS |
| Management Server | 80/TCP, 8080/TCP | Java Web Start clients | Communication for using Java Web Start. | HTTP |
| Monitored third-party components | 161/UDP | Log Server | SNMP status probing to external IP addresses. | SNMP (UDP) |
| NTP server | 123/TCP or UDP | SMC Appliance | Receiving NTP information. | NTP |
| RADIUS server | 1812/UDP | Management Server |
RADIUS authentication requests for administrator logon. The default ports can be edited in the properties of the RADIUS Server element. |
RADIUS (Authentication) |
| Forcepoint NGFW update service | 443/TCP | SMC servers | Update packages, engine upgrades, and licenses. | HTTPS |
| SMC Appliance | 161/UDP | Third-party components | Requesting health and other information about the SMC Appliance. | SNMP |
| Update servers | 443/TCP | SMC Appliance | Receiving appliance patches and updates. | HTTPS |
| SMC Appliance | 22/TCP | Terminal clients | SSH connections to the command line of the SMC Appliance. Note: Do not use SSH in FIPS mode.
|
SSH |
| Syslog server | 514/UDP, 5514/UDP | Log Server |
Log data forwarding to syslog servers. The default ports can be edited in the LogServerConfiguration.txt file. |
Syslog (UDP) [Partial match] |
|
Terminal Client Firewall, Layer 2 Firewall, IPS, Master NGFW Engine |
22/TCP | SMC Appliance | Contacting engines and moving SMC Appliance backups off the appliance. Note: Do not use SSH in FIPS mode.
|
SSH |
| Third-party components | 2055/UDP | Log Server |
NetFlow or IPFIX forwarding to third-party components. Port 2055 is used in both Windows and Linux. |
NetFlow (UDP) |
| Third-party components | 162/UDP | SMC Appliance | Sending SNMP status probing to external devices. | SNMP |
| Third-party components | 445/TCP | SMC Appliance | Moving SMC Appliance backups off the appliance. Note: You cannot use CIFS in FIPS mode.
|
CIFS |
| Web Portal Server | 8931/TCP | Log Server | Connections from the Log Server to the Web Portal Server | SG Web Portal Control |
| Web Portal Server | 8083/TCP | SMC Web Access clients | Communication for using SMC Web Access. | HTTPS |