Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Appendix E      Security, Internet Access, and Communication Ports 
  Communication Ports Requirements
Table E-2 Default Communication Ports for FireSIGHT System Features and Operations (continued)

| Port | Description | Direction | Is Open on... | To... |
|---|---|---|---|---|
| 161/udp | SNMP | Bidirectional | Any except X-Series | allow access to an appliance’s MIBs via SNMP polling. |
| 162/udp | SNMP | Outbound | Any | send SNMP alerts to a remote trap server. |
| 389/tcp, 636/tcp | LDAP | Outbound | Any except virtual devices and X-Series | communicate with an LDAP server for external authentication. |
| 389/tcp, 636/tcp | LDAP | Outbound | Defense Center | obtain metadata for detected LDAP users. |
| 443/tcp | HTTPS | Inbound | Any except virtual devices and X-Series | access an appliance’s web interface. |
| 443/tcp | HTTPS, AMQP, cloud comms. | Bidirectional | Defense Center | obtain: software, intrusion rule, VDB, and GeoDB updates; URL category and reputation data (port 80 also required); the Cisco Intelligence feed and other secure Security Intelligence feeds; endpoint-based (FireAMP) malware events; malware dispositions for files detected in network traffic; dynamic analysis information on submitted files |
| 443/tcp | HTTPS, AMQP, cloud comms. | Bidirectional | Series 2 and Series 3 devices | download software updates using the device’s local web interface. |
| 443/tcp | HTTPS, AMQP, cloud comms. | Bidirectional | Series 3 and virtual devices, X-Series | submit files to for dynamic analysis. |
| 514/udp | syslog | Outbound | Any | send alerts to a remote syslog server. |
| 623/udp | SOL/LOM | Bidirectional | Series 3 | allow you to perform Lights-Out Management using a Serial Over LAN (SOL) connection. |
| 1500/tcp, 2000/tcp | database access | Inbound | Defense Center | allow read-only access to the database by a third-party client. |
| 1812/udp, 1813/udp | RADIUS | Bidirectional | Any except virtual devices and X-Series | communicate with a RADIUS server for external authentication and accounting. |
| 3306/tcp | User Agent | Inbound | Defense Center | communicate with User Agents. |
| 8302/tcp | eStreamer | Bidirectional | Any except virtual devices and X-Series | communicate with an eStreamer client. |
| 8305/tcp | appliance comms. | Bidirectional | Any | securely communicate between appliances in a deployment. Required. |