Forcepoint NGFW Engine ports

The most important default ports used in communications to and from NGFW Engines and Master NGFW Engines are presented in the following illustrations.

See the table for a complete list of default ports for the engines.

Note: Master NGFW Engines use the same default ports as clustered NGFW Engines. Virtual NGFW Engines do not communicate directly with other system components.

Figure: Destination ports for basic NGFW Engine communications

Figure: Default destination ports for NGFW Engine service communications

This table lists the default ports for NGFW Engines and Master NGFW Engines. Many of these ports can be changed. The names of corresponding default Service elements are also included for your reference.

Table 1. NGFW Engine and Master NGFW Engine default ports

| Listening host | Port/protocol | Contacting hosts | Service description | Service element name |
|---|---|---|---|---|
| Certificate Revocation List (CRL) server | 80/TCP | Firewall | Online Certificate Status Protocol (OCSP) queries and fetching CRLs. | HTTP |
| DHCP server | 67/UDP | Firewall | Relayed DHCP requests and requests from a firewall that uses a dynamic IP address. | BOOTPS (UDP) |
| DHCPv6 server | 547/UDP | Firewall | Requests from a firewall that uses a dynamic IPv6 address. | N/A |
| External DNS server | 53/UDP, 53/TCP | Firewall, Master NGFW Engine | DNS resolution and dynamic DNS updates. | DNS (TCP), DNS (UDP) |
| File reputation server | 443/TCP | Firewall, Layer 2 Firewall, IPS, Master NGFW Engine | GTI File Reputation Server. | HTTPS |
| Firewall | 67/UDP | Any | DHCP relay on the firewall engine. | BOOTPS (UDP) |
| Firewall | 68/UDP | DHCP server | Replies to DHCP requests. | BOOTPC (UDP) |
| Firewall | 80/TCP | Clients that need to authenticate to the Firewall | Browser Based User Authentication. | HTTP |
| Firewall | 443/TCP | Clients that need to authenticate to the Firewall | Browser Based User Authentication. | HTTPS |
| Firewall | 443/TCP | VPN clients using SSL tunneling | VPN client SSL tunneling. | TLS |
| Firewall | 443/TCP | SSL VPN Portal users | SSL VPN Portal. | HTTPS |
| Firewall | 546/UDP | DHCPv6 server | Replies to DHCPv6 requests. | N/A |
| Firewall, Master NGFW Engine | 53/UDP, 53/TCP | Clients in the internal network | DNS relay. | DNS (TCP), DNS (UDP) |
| Firewall, Master NGFW Engine | 500/UDP | VPN clients, VPN gateways | VPN negotiations, VPN traffic. | ISAKMP (UDP) |
| Firewall, Master NGFW Engine | 636/TCP | Management Server | Internal user database replication. | LDAPS (TCP) |
| Firewall, Master NGFW Engine | 4500/UDP | VPN clients, VPN gateways | VPN traffic using NAT traversal. | NAT-T |
| Firewall Cluster Node, Master NGFW Engine cluster node | 3000-3001/UDP, 3002-3003, 3010/TCP | Firewall Cluster Node, Master NGFW Engine cluster node | Heartbeat and state synchronization between clustered Firewalls. | SG State Sync (Multicast), SG State Sync (Unicast), SG Data Sync |
| Firewall, Layer 2 Firewall, IPS, Master NGFW Engine | 22/TCP | Terminal clients | SSH connections to the engine command line. Note: Do not use SSH in FIPS mode. | SSH |
| Firewall, Layer 2 Firewall, IPS, Master NGFW Engine | 4950/TCP | Management Server | Remote upgrade. | SG Remote Upgrade |
| Firewall, Layer 2 Firewall, IPS, Master NGFW Engine | 4987/TCP | Management Server | Management Server commands and policy upload. | SG Commands |
| Firewall, Layer 2 Firewall, IPS, Master NGFW Engine | 15000/TCP | Management Server, Log Server | Blacklist entries. | SG Blacklisting |
| Firewall, Layer 2 Firewall, IPS, Master NGFW Engine | 161/UDP | SNMP server | SNMP monitoring. | SNMP (UDP) |
| Firewall, Layer 2 Firewall, IPS | 9111/TCP | Forcepoint Endpoint Context Agent (ECA) client | Endpoint information from the ECA client. | N/A |
| Forcepoint User ID Service server | 5000/TCP | Firewall, Layer 2 Firewall, IPS | Information about user name and IP address mappings. | N/A |
| IPS Cluster Node | 3000-3001/UDP, 3002-3003, 3010/TCP | IPS Cluster Node | Heartbeat and state synchronization between clustered IPS engines. | SG State Sync (Multicast), SG State Sync (Unicast), SG Data Sync |
| LDAP server | 389/TCP | Firewall, Master NGFW Engine | External LDAP queries, including StartTLS connections. | LDAP (TCP) |
| Layer 2 Firewall Cluster Node | 3000-3001/UDP, 3002-3003, 3010/TCP | Layer 2 Firewall Cluster Node | Heartbeat and state synchronization between clustered Layer 2 Firewalls. | SG State Sync (Multicast), SG State Sync (Unicast), SG Data Sync |
| Log Server | 3020/TCP | Firewall, Layer 2 Firewall, IPS, Master NGFW Engine | Log and alert messages; monitoring of blacklists, connections, status, and statistics. | SG Log |
| Malware signature server | 80/TCP | Firewall, Layer 2 Firewall, IPS, Master NGFW Engine | Malware signature update service. | HTTP |
| Management Server | 3021/TCP | Firewall, Layer 2 Firewall, IPS, Master NGFW Engine | System communications certificate request/renewal (initial contact). | SG Initial Contact |
| Management Server | 8906/TCP | Firewall, Layer 2 Firewall, IPS | Management connection for engines with "Node-Initiated Contact to Management Server" selected. | SG Dynamic Control |
| RADIUS server | 1812, 1645/UDP | Firewall, Master NGFW Engine | RADIUS authentication requests. | RADIUS (Authentication), RADIUS (Old) |
| RPC server | 111/UDP, 111/TCP | Firewall, Master NGFW Engine | RPC number resolution. | SUNRPC (UDP), Sun RPC (TCP) |
| Server Pool Monitoring Agents | 7777/UDP | Firewall, Master NGFW Engine | Polls to the servers' Server Pool Monitoring Agents for availability and load information. | SG Server Pool Monitoring |
| SNMP server | 162/UDP | Firewall, Layer 2 Firewall, IPS, Master NGFW Engine | SNMP traps from the engine. | SNMP Trap (UDP) |
| TACACS+ server | 49/TCP | Firewall, Master NGFW Engine | TACACS+ authentication requests. | TACACS (TCP) |
| ThreatSeeker Intelligence Cloud server | 443/TCP | Firewall, Layer 2 Firewall, IPS, Master NGFW Engine | ThreatSeeker Intelligence Cloud URL categorization service. | HTTPS |
| VPN gateways | 500, 4500/UDP | Firewall, Master NGFW Engine | VPN traffic. Port 443/TCP (or a custom port) can also be used, depending on encapsulation options. | ISAKMP (UDP) |
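The practical use of a table like this is as a baseline: the ports an engine is documented to listen on are known, so anything else that shows up listening deserves a look. The following Python script is an added example, not Forcepoint code and not part of the original page. It transcribes the Firewall-role listening ports from the table above into a baseline, parses `ss -tuln`-style socket output (the sample output is constructed, not captured from a real engine), and reports listeners that are not in the baseline. Because the table says many ports can be changed, the baseline is a parameter so a deployment with custom ports can pass its own. It also applies the table's FIPS note: when `fips_mode` is set, a listening SSH port becomes a finding. The grouping of 3002-3003 and 3010 under TCP follows the table's "3002-3003, 3010/TCP" notation.

```python
"""Baseline check of NGFW Engine listening ports against the documented defaults.

Added example; not Forcepoint code. Assumes `ss -tuln`-style output where the
first column is the protocol and the fifth is "Local Address:Port".
"""
from typing import Dict, List, Set, Tuple

Listener = Tuple[str, int]           # (protocol, port)
Finding = Tuple[str, int, str]       # (protocol, port, reason)

# Firewall-role listening ports transcribed from Table 1,
# mapped to the default Service element name(s) given there.
FIREWALL_DEFAULT_LISTENERS: Dict[Listener, str] = {
    ("udp", 67): "BOOTPS (UDP)",              # DHCP relay on the engine
    ("udp", 68): "BOOTPC (UDP)",              # replies to DHCP requests
    ("tcp", 80): "HTTP",                      # Browser Based User Authentication
    ("tcp", 443): "HTTPS / TLS",              # user auth, SSL VPN Portal, SSL tunneling
    ("udp", 546): "N/A",                      # replies to DHCPv6 requests
    ("udp", 53): "DNS (UDP)",                 # DNS relay
    ("tcp", 53): "DNS (TCP)",
    ("udp", 500): "ISAKMP (UDP)",             # VPN negotiations
    ("tcp", 636): "LDAPS (TCP)",              # internal user database replication
    ("udp", 4500): "NAT-T",                   # VPN traffic with NAT traversal
    ("udp", 3000): "SG State Sync",           # cluster heartbeat / state sync
    ("udp", 3001): "SG State Sync",
    ("tcp", 3002): "SG Data Sync",            # assumption: table groups 3002-3003 under TCP
    ("tcp", 3003): "SG Data Sync",
    ("tcp", 3010): "SG Data Sync",
    ("tcp", 22): "SSH",                       # engine command line
    ("tcp", 4950): "SG Remote Upgrade",
    ("tcp", 4987): "SG Commands",             # policy upload and commands
    ("tcp", 15000): "SG Blacklisting",
    ("udp", 161): "SNMP (UDP)",
    ("tcp", 9111): "N/A",                     # Endpoint Context Agent client
}

# Constructed sample in `ss -tuln` layout (not real engine output). It includes
# two listeners that are not in the documented table: 8080/tcp and 69/udp.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0            0.0.0.0:67        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:500       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:4500      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:4987      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:15000     0.0.0.0:*
tcp   LISTEN 0      128             [::]:8080         [::]:*
udp   UNCONN 0      0            0.0.0.0:69        0.0.0.0:*
"""


def parse_listeners(ss_output: str) -> Set[Listener]:
    """Extract (protocol, port) pairs from `ss -tuln`-style output.

    Only the protocol column and the Local Address:Port column are used, so
    extra trailing columns (e.g. Process) do not matter. rpartition on ':'
    handles IPv6 forms such as [::]:8080 as well as 0.0.0.0:22.
    """
    listeners: Set[Listener] = set()
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        _, _, port = fields[4].rpartition(":")
        if port.isdigit():
            listeners.add((fields[0], int(port)))
    return listeners


def check_listeners(observed: Set[Listener],
                    baseline: Dict[Listener, str] = FIREWALL_DEFAULT_LISTENERS,
                    fips_mode: bool = False) -> List[Finding]:
    """Return findings for observed listeners, sorted by protocol and port.

    A documented port that is absent is deliberately not a finding: several
    defaults (DHCP relay, SSL VPN Portal, cluster sync) only listen when the
    corresponding feature is enabled.
    """
    findings: List[Finding] = []
    for proto, port in observed:
        if (proto, port) not in baseline:
            findings.append((proto, port, "not in the documented default port list"))
        elif fips_mode and (proto, port) == ("tcp", 22):
            findings.append((proto, port,
                             f"{baseline[(proto, port)]} is listening, but SSH must not be used in FIPS mode"))
    return sorted(findings)


if __name__ == "__main__":
    observed = parse_listeners(SAMPLE_SS_OUTPUT)
    for proto, port, reason in check_listeners(observed, fips_mode=True):
        print(f"{port}/{proto}: {reason}")
```

On a real engine the input would come from the engine's own socket listing rather than the embedded sample, and the baseline would be adjusted for any ports changed from their defaults; a Layer 2 Firewall or IPS role gets its own baseline built from the rows of the table that name that role as the listening host.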