Cisco Cisco Web Security Appliance S670 User Guide

Information about every file that is sent to the cloud for analysis and has a verdict of “malicious” is 
added to the reputation database. This information is used along with other data to determine a 
reputation score. 

Information about files analyzed by an on-premises Cisco AMP Threat Grid appliance is not shared 
with the reputation service. 

All Web Security appliances that use these services must be able to connect to them directly over 
the Internet (excluding file reputation and analysis services configured to use an on-premises 
appliance.) 

By default, communication with file reputation and analysis services is routed through the 
Management port (M1) on the appliance. If your appliance does not route data through the 
management port, see 

. 

The following firewall ports must be open: 

When you configure the file reputation feature, choose whether to use SSL over port 443. 

32137 
(default) 
or 443 

Access to cloud services 
for obtaining file 
reputation. 

TCP 

Out 

As configured in Security Services > 
Anti-Malware and Reputation, Advanced 
section: Advanced Settings for File Reputation, 
SSL Communication for File Reputation 
section. 

Management, 
unless a static 
route is 
configured to 
route this 
traffic through 
a data port. 

443

Access to cloud services 
for file analysis. 

TCP 

Out 

As configured in Security Services > 
Anti-Malware and Reputation, Advanced 
section: Advanced Settings for File Analysis.