Cisco Firepower Management Center 4000
E-4
FireSIGHT System User Guide
Appendix E Security, Internet Access, and Communication Ports
Communication Ports Requirements

Table E-2 Default Communication Ports for FireSIGHT System Features and Operations (continued)

| Port | Description | Direction | Is Open on... | To... |
|---|---|---|---|---|
| 161/udp | SNMP | Bidirectional | Any except X-Series | allow access to an appliance's MIBs via SNMP polling. |
| 162/udp | SNMP | Outbound | Any | send SNMP alerts to a remote trap server. |
| 389/tcp, 636/tcp | LDAP | Outbound | Any except virtual devices and X-Series | communicate with an LDAP server for external authentication. |
| 389/tcp, 636/tcp | LDAP | Outbound | Defense Center | obtain metadata for detected LDAP users. |
| 443/tcp | HTTPS | Inbound | Any except virtual devices and X-Series | access an appliance's web interface. |
| 443/tcp | HTTPS, AMQP, cloud comms. | Bidirectional | Defense Center | obtain: software, intrusion rule, VDB, and GeoDB updates; URL category and reputation data (port 80 also required); the Cisco Intelligence feed and other secure Security Intelligence feeds; endpoint-based (FireAMP) malware events; malware dispositions for files detected in network traffic; dynamic analysis information on submitted files. |
| | | | Series 2 and Series 3 devices | download software updates using the device's local web interface. |
| | | | Series 3 and virtual devices, X-Series | submit files for dynamic analysis. |
| 514/udp | syslog | Outbound | Any | send alerts to a remote syslog server. |
| 623/udp | SOL/LOM | Bidirectional | Series 3 | allow you to perform Lights-Out Management using a Serial Over LAN (SOL) connection. |
| 1500/tcp, 2000/tcp | database access | Inbound | Defense Center | allow read-only access to the database by a third-party client. |
| 1812/udp, 1813/udp | RADIUS | Bidirectional | Any except virtual devices and X-Series | communicate with a RADIUS server for external authentication and accounting. |
| 3306/tcp | User Agent | Inbound | Defense Center | communicate with User Agents. |
| 8302/tcp | eStreamer | Bidirectional | Any except virtual devices and X-Series | communicate with an eStreamer client. |
| 8305/tcp | appliance comms. | Bidirectional | Any | securely communicate between appliances in a deployment. Required. |