Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
C-1
AsyncOS 9.5.2 for Cisco Content Security Management Appliances User Guide
A P P E N D I X
C
Firewall Information
The following table lists the possible ports that may need to be opened for proper operation of the Cisco
Content Security appliance (these are the default values).
Content Security appliance (these are the default values).
Table C-1
Firewall Ports
Default
Port Protocol
Port Protocol
In/Out Hostname
Purpose
20/21
TCP
In or out AsyncOS IPs, FTP server
FTP for aggregation of log files.
Data ports TCP 1024 and higher must also all be open.
For more information, search for FTP port information in the
Knowledge Base. See
Knowledge Base. See
22
SSH
Out
AsyncOS IPs
Centralized configuration manager configuration push.
Also used for backups.
22
TCP
In
AsyncOS IPs
SSH access to the CLI, aggregation of log files.
22
TCP
Out
SCP server
SCP push to log server.
23
Telnet
In
AsyncOS IPs
Telnet access to the CLI.
23
Telnet
Out
Telnet server
Telnet upgrades.
25
TCP
Out
Any
SMTP to send email.
25
TCP
In
AsyncOS IPs
SMTP to receive bounced email or if injecting email from
outside firewall.
outside firewall.
80
HTTP
In
AsyncOS IPs
HTTP access to the GUI for system monitoring.
80
HTTP
Out
downloads.cisco.com
Service updates, except for AsyncOS upgrades.
80
HTTP
Out
updates.cisco.com
AsyncOS upgrades.
82
HTTP
In
AsyncOS IPs
Used for viewing the
spam quarantine.
83
HTTPS
In
AsyncOS IPs
Used for viewing the
spam quarantine.
53
UDP/T
CP
CP
Out
DNS servers
DNS if configured to use Internet root servers or other DNS
servers outside the firewall. Also for SenderBase queries.
servers outside the firewall. Also for SenderBase queries.
110
TCP
Out
POP server
POP authentication for end users for spam quarantine.
123
UDP
Out
NTP server
NTP if time servers are outside firewall.
143
TCP
Out
IMAP server
IMAP authentication for end users for spam quarantine.