Cisco Email Security Appliance C170 User Guide

User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
 
Appendix D: Firewall Information
The following table lists the possible ports that may need to be opened for proper operation of the Cisco 
appliance (these are the default values).
Table D-1. Firewall Ports

| Port | Protocol | In/Out | Hostname | Description |
|------|----------|--------|----------|-------------|
| 20/21 | TCP | In or Out | AsyncOS IPs, FTP Server | FTP for aggregation of log files. Data ports TCP 1024 and higher must also all be open. For more information, search for FTP port information in the Knowledge Base. See |
| 22 | TCP | In | AsyncOS IPs | SSH access to the CLI, aggregation of log files. |
| 22 | TCP | Out | SSH Server | SSH aggregation of log files. |
| 22 | TCP | Out | SCP Server | SCP Push to log server |
| 25 | TCP | Out | Any | SMTP to send email. |
| 25 | TCP | In | AsyncOS IPs | SMTP to receive bounced email or if injecting email from outside firewall. |
| 53 | UDP/TCP | In & Out | DNS Servers | DNS if configured to use Internet root servers or other DNS servers outside the firewall. Also for SenderBase queries. |
| 80 | HTTP | In | AsyncOS IPs | HTTP access to the GUI for system monitoring. |
| 80 | HTTP | Out | downloads.ironport.com | Service updates, except for AsyncOS upgrades and McAfee definitions. |
| 80 | HTTP | Out | updates.ironport.com | AsyncOS upgrades and McAfee Anti-Virus definitions. |
| 80 | HTTP | Out | cdn-microupdates.cloudmark.com | Used for updates to third-party spam component in Intelligent MultiScan. Appliance must also connect to CIDR range 208.83.136.0/22 for third-party phone home updates. |
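The following is an added example, not part of the Cisco guide: a Python check that compares outbound flow records from the appliance against the outbound rows for ports 22, 25, 53 and 80 in Table D-1 and returns the flows that no row accounts for. The flow record fields, the function names and the sample addresses are constructed for illustration, and it assumes the 208.83.136.0/22 range is reached on port 80 because the table lists it in that row.

```python
import ipaddress

# Outbound rows of Table D-1 for ports 22, 25, 53 and 80. Update hosts and
# the CIDR come from the table; log and DNS servers are site-specific inputs.
UPDATE_HOSTS = {"downloads.ironport.com", "updates.ironport.com",
                "cdn-microupdates.cloudmark.com"}
CLOUDMARK_NET = ipaddress.ip_network("208.83.136.0/22")

def egress_rule(flow, log_servers, dns_servers):
    """Return the Table D-1 row permitting an outbound flow, or None."""
    proto, port = flow["proto"], flow["port"]
    ip = ipaddress.ip_address(flow["dst_ip"])
    # dst_host is assumed to come from the firewall's own FQDN resolution,
    # not from a client-supplied header.
    host = (flow.get("dst_host") or "").lower().rstrip(".")
    if proto == "tcp" and port == 25:
        return "25 Out Any"
    if proto in ("tcp", "udp") and port == 53 and ip in dns_servers:
        return "53 Out DNS Servers"
    if proto == "tcp" and port == 22 and ip in log_servers:
        return "22 Out SSH/SCP Server"
    if proto == "tcp" and port == 80:
        if host in UPDATE_HOSTS:
            return "80 Out " + host
        if ip in CLOUDMARK_NET:  # assumption: CIDR is reached on port 80
            return "80 Out 208.83.136.0/22"
    return None

def audit(flows, log_servers, dns_servers):
    """Return the flows that no outbound row of the table accounts for."""
    return [f for f in flows if egress_rule(f, log_servers, dns_servers) is None]

# Constructed sample data (documentation address ranges, not real servers).
LOG_SERVERS = {ipaddress.ip_address("192.0.2.22")}
DNS_SERVERS = {ipaddress.ip_address("192.0.2.53")}
SAMPLE_FLOWS = [
    {"proto": "tcp", "port": 80, "dst_ip": "192.0.2.10", "dst_host": "Updates.IronPort.com."},
    {"proto": "tcp", "port": 80, "dst_ip": "208.83.139.255"},   # last address in the /22
    {"proto": "tcp", "port": 80, "dst_ip": "208.83.140.1"},     # just outside the /22
    {"proto": "udp", "port": 53, "dst_ip": "192.0.2.53"},
    {"proto": "udp", "port": 53, "dst_ip": "198.51.100.7"},     # not a configured resolver
    {"proto": "tcp", "port": 22, "dst_ip": "192.0.2.22"},
    {"proto": "tcp", "port": 443, "dst_ip": "203.0.113.5"},     # not among the rows encoded here
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS, LOG_SERVERS, DNS_SERVERS):
        print("unexpected egress:", f)
```

Because port 25 outbound is listed as "Any", SMTP egress always matches a row; restricting it further is a site policy decision the table does not make.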