Cisco Cisco Email Security Appliance X1070 Mode D'Emploi
D-2
Cisco AsyncOS 8.5.5 for Email Security User Guide
Appendix D Firewall Information
80
HTTP
Out
cdn-microupdates.cloud
mark.com
mark.com
Used for updates to third-party spam
component in Intelligent MultiScan.
Appliance must also connect to CIDR
range 208.83.136.0/22 for third-party
phone home updates.
component in Intelligent MultiScan.
Appliance must also connect to CIDR
range 208.83.136.0/22 for third-party
phone home updates.
82
HTTP
In
AsyncOS IPs
Used for viewing the Cisco Anti-Spam
quarantine.
quarantine.
83
HTTPS
In
AsyncOS IPs
Used for viewing the Cisco Anti-Spam
quarantine.
quarantine.
110
TCP
Out
POP Server
POP authentication for end users for
Cisco Spam Quarantine
Cisco Spam Quarantine
123
UDP
In & Out
NTP Server
NTP if time servers are outside
firewall.
firewall.
143
TCP
Out
IMAP Server
IMAP authentication for end users for
Cisco Spam Quarantine
Cisco Spam Quarantine
161
UDP
In
AsyncOS IPs
SNMP Queries
162
UDP
Out
Management Station
SNMP Traps
389
3268
LDAP
Out
LDAP Servers
LDAP if LDAP directory servers are
outside firewall. LDAP authentication
for Cisco Spam Quarantine
outside firewall. LDAP authentication
for Cisco Spam Quarantine
636
3269
3269
LDAPS
Out
LDAPS
LDAPS — ActiveDirectory’s Global
Catalog Server (uses SSL)
Catalog Server (uses SSL)
443
TCP
In
AsyncOS IPs
Secure HTTP (
https
) access to the
GUI for system monitoring.
443
TCP
Out
res.cisco.com
Cisco Registered Envelope Service
443
TCP
Out
update-manifests.ironport
.com
.com
Verify the latest files for the update
server.
server.
443
TCP
Out
phonehome.senderbase.or
g
g
Receive/Send Outbreak Filters
443
TCP
Out
In the command-line
interface, run the
interface, run the
websecurityadvancedco
nfig
command and accept
all defaults. The Web
security service hostname
is shown.
security service hostname
is shown.
Cloud service for obtaining URL
reputation and category information for
URL filtering.
reputation and category information for
URL filtering.
443
TCP
Out
As configured in Security
Services > File
Reputation and Analysis,
Advanced section.
Services > File
Reputation and Analysis,
Advanced section.
Access to cloud services for file
analysis.
analysis.
For file reputation services, see port
32137.
32137.
514
UDP/TCP
Out
Syslog Server
Syslog logging
628
TCP
In
AsyncOS IPs
QMQP if injecting email from outside
firewall.
firewall.
Table D-1
Firewall Ports (continued)