Kaspersky Anti Targeted Attack Platform

Configuring firewall rules

For the Kaspersky Anti Targeted Attack Platform application and its components to work correctly, you must configure firewall rules.

Network communication on computers with Kaspersky Anti Targeted Attack Platform components is managed by the iptables utility built into the operating system (Ubuntu, Astra Linux). The ports are described in iptables terms.

In this section

Ports used on computers with Kaspersky Anti Targeted Attack Platform components

Ports used by Kaspersky Anti Targeted Attack Platform services in a cluster configuration

Ports used by services of a Central Node deployed as a server

Ports used by services in a configuration with the Sensor component installed on a standalone server

Ports for communication between network traffic analysis services


Ports used on computers with Kaspersky Anti Targeted Attack Platform components

The described rules apply to all types of hosts, regardless of configuration. The rules are applied via the kata-firewall systemd service, only for the INPUT and DOCKER-USER chains.

INPUT chain

This chain manages all connections to computers with Kaspersky Anti Targeted Attack Platform components.

Networking rules are listed in the table below.

Networking rules for the INPUT chain

| Destination service or protocol | Port | Protocol | sport | dport | Access from external network |
| --- | --- | --- | --- | --- | --- |
| SSH | 22 | TCP | Inaccessible | Accessible | Accessible |
| SMTP | 25 | TCP | Inaccessible | Accessible | Accessible |
| DNS | 53 | TCP | Inaccessible | Accessible | Accessible |
| HTTP | 80 | TCP | Inaccessible | Accessible | Accessible |
| SNMPD | 161 | UDP | Inaccessible | Accessible | Accessible |
| HTTPS | 443 | TCP | Inaccessible | Accessible | Accessible |
| preprocessor_icap | 1334 | TCP | Inaccessible | Accessible | Accessible |
| docker swarm | 2377 | TCP | Accessible | Accessible | Inaccessible |
| etcd | 2379 | TCP | Inaccessible | Accessible | Accessible |
| etcd | 2380 | TCP | Inaccessible | Accessible | Accessible |
| ceph_mon | 3300 | TCP | Inaccessible | Accessible | Accessible |
| VXLAN | 4789 | TCP/UDP | Accessible | Accessible | Inaccessible |
| ceph_mon | 6789 | TCP | Inaccessible | Accessible | Accessible |
| ceph OSD | 6800:6900 | TCP | Inaccessible | Accessible | Accessible |
| docker swarm | 7946 | TCP/UDP | Accessible | Accessible | Inaccessible |
| ipsec_manager | 8084 | TCP | Accessible | Accessible | Inaccessible |
| pcap_manager | 8085 | TCP | Inaccessible | Accessible | Accessible |
| HTTPS | 8443 | TCP/UDP | Not available | Accessible | Accessible |
| HTTPS | 8444 | TCP/UDP | Not available | Accessible | Accessible |
| suricata_metrics_exporter | 9103 | TCP | Accessible | Accessible | Inaccessible |
| node_exporter | 9141 | TCP | Accessible | Accessible | Inaccessible |
| cadvisor | 9142 | TCP | Accessible | Accessible | Inaccessible |
| preprocessor_metrics_exporter | 9191 | TCP | Accessible | Accessible | Inaccessible |
| pcap_manager_metrics_exporter | 9192 | TCP | Accessible | Accessible | Inaccessible |
| ceph_mgr | 9283 | TCP | Inaccessible | Accessible | Accessible |
| ceph_rgw | 9284 | TCP | Inaccessible | Accessible | Accessible |
| NDR sensor | 9443 | TCP | Inaccessible | Accessible | Accessible |
| kafka bootstrap | 11000:11006 | TCP | Inaccessible | Accessible | Accessible |
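
One way to audit a host against the INPUT chain table above, as an added example that is not Kaspersky code: it parses `iptables -S INPUT` output and reports documented destination ports that have no ACCEPT rule, and ACCEPT rules for ports the table does not list. The rule layout that kata-firewall actually generates is not shown on this page, so the sample rules are constructed, and only the Port and Protocol columns are checked (source restrictions are not).

```python
import shlex

# Port and Protocol columns of the INPUT chain table on this page,
# in iptables terms (lo:hi ranges). TCP/UDP rows appear under both protocols.
INPUT_TABLE = """
tcp 22 25 53 80 443 1334 2377 2379 2380 3300 6789 6800:6900 8084 8085
tcp 9103 9141 9142 9191 9192 9283 9284 9443 11000:11006
tcp 4789 7946 8443 8444
udp 161 4789 7946 8443 8444
"""

DOCUMENTED = set()
for row in INPUT_TABLE.strip().splitlines():
    proto, *specs = row.split()
    DOCUMENTED.update((proto, s) for s in specs)

# Constructed sample of `iptables -S INPUT` output (not from a real host).
SAMPLE = """\
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,443 -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2379 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6800:6900 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 11000:11006 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2380 -j DROP
"""


def to_range(spec):
    """Convert '22' or '6800:6900' to an inclusive (low, high) tuple."""
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)


def covers(outer, inner):
    """True if port spec `outer` fully contains port spec `inner`."""
    (olo, ohi), (ilo, ihi) = to_range(outer), to_range(inner)
    return olo <= ilo and ihi <= ohi


def parse_accepts(rules_text, chain="INPUT"):
    """Return {(proto, port_spec)} for each ACCEPT rule that matches a dport."""
    accepts = set()
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain] or "-j" not in tok or "-p" not in tok:
            continue
        if "!" in tok:
            continue  # negated matches are skipped; review them by hand
        target = tok[tok.index("-j") + 1:tok.index("-j") + 2]
        if target != ["ACCEPT"]:
            continue
        proto = tok[tok.index("-p") + 1]
        for flag in ("--dport", "--dports"):
            if flag in tok:
                for spec in tok[tok.index(flag) + 1].split(","):
                    accepts.add((proto, spec))
    return accepts


def audit(rules_text, documented=DOCUMENTED):
    """Return (missing, unexpected) as sorted lists of (proto, port_spec)."""
    accepts = parse_accepts(rules_text)
    missing = sorted(
        (p, s) for p, s in documented
        if not any(ap == p and covers(a, s) for ap, a in accepts)
    )
    unexpected = sorted(
        (p, s) for p, s in accepts
        if not any(dp == p and covers(d, s) for dp, d in documented)
    )
    return missing, unexpected


if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE)
    print("documented but not accepted:", missing)
    print("accepted but not documented:", unexpected)
```

On a real host, pass the text printed by `iptables -S INPUT` to `audit()` instead of `SAMPLE`.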

DOCKER-USER chain

This chain manages network connections addressed to application components. Networking rules are listed in the table below.

Networking rules for the DOCKER-USER chain

| Destination service or protocol | Port | Protocol | sport | dport |
| --- | --- | --- | --- | --- |
| SMTP | 25 | TCP | Inaccessible | Accessible |
| DNS | 53 | TCP/UDP | Not available | Accessible |
| HTTP | 80 | TCP | Inaccessible | Accessible |
| HTTPS | 443 | TCP | Inaccessible | Accessible |
| preprocessor_icap | 1344 | UDP | Inaccessible | Accessible |
| NDR NATS (KICKS NAT) | 7423 | TCP | Inaccessible | Accessible |
| NDR public API | 8070 | TCP | Inaccessible | Accessible |
| deployment API | 8080 | TCP | Accessible | Accessible |
| deployment management API | 8090 | TCP | Accessible | Accessible |
| authorization service | 8091 | TCP | Accessible | Accessible |
| HTTPS | 8443 | TCP | Inaccessible | Accessible |
| apt collector ssl | 9081 | TCP | Inaccessible | Accessible |
| Sensor | 9443 | TCP | Inaccessible | Accessible |
| NDR EKA | 13520 | TCP | Inaccessible | Accessible |


Ports used by Kaspersky Anti Targeted Attack Platform services in a cluster configuration

For the application to work correctly in a cluster configuration, you must configure network access for outgoing connections in accordance with the table below.

Ports used by Kaspersky Anti Targeted Attack Platform services in a cluster configuration

| Service | Port | Protocol |
| --- | --- | --- |
| agent_database_configurator | 2379 | TCP |
| agent_database_configurator | 5432 | TCP |
| agent_database_synchronizer | 2379 | TCP |
| agent_database_synchronizer | 5432 | TCP |
| agent_database_synchronizer | 9092 | TCP |
| agent_database_synchronizer | 9100 | TCP |
| agent_database_synchronizer | 10000:10010 | TCP |
| agent_server | 1080 | TCP |
| agent_server | 2379 | TCP |
| agent_server | 5432 | TCP |
| agent_server | 8100 | TCP |
| agent_server | 9090 | TCP |
| agent_server | 9284 | TCP |
| antiapt_database_configurator | 2379 | TCP |
| antiapt_database_configurator | 5432 | TCP |
| authorization_service | 2379 | TCP |
| authorization_service | 4567 | TCP |
| authorization_service | 8090 | TCP |
| authorization_service | 8443 | TCP |
| authorization_service | 8701 | TCP |
| authorization_service | 8899 | TCP |
| cadvisor | Any | Any |
| ceph_management_api | 2379 | TCP |
| ceph_management_api | 3300 | TCP |
| ceph_management_api | 6789 | TCP |
| ceph_management_api | 8765 | TCP |
| ceph_management_api | 8080 | TCP |
| ceph_management_api | 9283 | TCP |
| ceph_management_api | 9284 | TCP |
| ceph_mgr | 2379 | TCP |
| ceph_mgr | 3300 | TCP |
| ceph_mgr | 6789 | TCP |
| ceph_mgr | 6800:6900 | TCP |
| ceph_mgr | 9141 | TCP |
| ceph_mgr | 9142 | TCP |
| ceph_mgr | 9283 | TCP |
| ceph_mgr | 9284 | TCP |
| ceph_mon | 2379 | TCP |
| ceph_mon | 3300 | TCP |
| ceph_mon | 6789 | TCP |
| ceph_mon | 6800:6900 | TCP |
| ceph_mon | 9141 | TCP |
| ceph_mon | 9142 | TCP |
| ceph_mon | 9283 | TCP |
| ceph_mon | 9284 | TCP |
| ceph_osd | 2379 | TCP |
| ceph_osd | 3300 | TCP |
| ceph_osd | 6789 | TCP |
| ceph_osd | 6800:6900 | TCP |
| ceph_osd | 9141 | TCP |
| ceph_osd | 9142 | TCP |
| ceph_osd | 9283 | TCP |
| ceph_osd | 9284 | TCP |
| ceph_rgw | 2379 | TCP |
| ceph_rgw | 3300 | TCP |
| ceph_rgw | 6789 | TCP |
| ceph_rgw | 6800:6900 | TCP |
| ceph_rgw | 9141 | TCP |
| ceph_rgw | 9142 | TCP |
| ceph_rgw | 9283 | TCP |
| ceph_rgw | 9284 | TCP |
| ceph_rgw_configurator | 2379 | TCP |
| ceph_rgw_configurator | 3300 | TCP |
| ceph_rgw_configurator | 6789 | TCP |
| ceph_rgw_configurator | 6800:6900 | TCP |
| ceph_rgw_configurator | 9141 | TCP |
| ceph_rgw_configurator | 9142 | TCP |
| ceph_rgw_configurator | 9283 | TCP |
| ceph_rgw_configurator | 9284 | TCP |
| clickhouse | 2379 | TCP |
| clickhouse | 8123 | TCP |
| clickhouse | 9000 | TCP |
| clickhouse_database_configurator | 2379 | TCP |
| clickhouse_database_configurator | 9000 | TCP |
| clickhouse_metrics_importer | 2379 | TCP |
| clickhouse_metrics_importer | 6379 | TCP |
| clickhouse_metrics_importer | 8123 | TCP |
| clickhouse_metrics_importer | 9000 | TCP |
| clickhouse_metrics_importer | 9090 | TCP |
| coredns | 53 | TCP |
| coredns | 53 | TCP |
| coredns | 2379 | TCP |
| deployment_api | 22 | TCP |
| deployment_api | 2377 | TCP |
| deployment_api | 2379 | TCP |
| deployment_api | 4567 | TCP |
| deployment_api | 8080 | TCP |
| deployment_api | 8443 | TCP |
| deployment_api | 8701 | TCP |
| deployment_api | 9141 | TCP |
| deployment_api | 9284 | TCP |
| deployment_management_api | 53 | TCP |
| deployment_management_api | 2379 | TCP |
| deployment_management_api | 4567 | TCP |
| deployment_management_api | 8091 | TCP |
| deployment_management_api | 8443 | TCP |
| deployment_management_api | 8701 | TCP |
| deployment_management_api | 8702 | TCP |
| deployment_management_api | 8765 | TCP |
| deployment_management_api | 8899 | TCP |
| deployment_management_api | 9141 | TCP |
| dhcp_server | Any | Any |
| edr_synchronizer | 25 | TCP |
| edr_synchronizer | 80 | TCP |
| edr_synchronizer | 514 | TCP |
| edr_synchronizer | 514 | UDP |
| edr_synchronizer | 2379 | TCP |
| edr_synchronizer | 5432 | TCP |
| edr_synchronizer | 6379 | TCP |
| edr_synchronizer | 8081 | TCP |
| edr_synchronizer | 8082 | TCP |
| edr_synchronizer | 8083 | TCP |
| edr_synchronizer | 9092 | TCP |
| edr_synchronizer | 10000:10010 | TCP |
| edr_synchronizer | 33334 | TCP |
| elasticsearch | 2379 | TCP |
| elasticsearch | 9200 | TCP |
| elasticsearch | 9300 | TCP |
| elasticsearch_data | 2379 | TCP |
| elasticsearch_data | 9200 | TCP |
| elasticsearch_data | 9300 | TCP |
| elasticsearch_exporter | 2379 | TCP |
| elasticsearch_exporter | 9200 | TCP |
| elasticsearch_exporter | 9300 | TCP |
| etcd | 2379 | TCP |
| etcd | 2380 | TCP |
| events_api | 80 | TCP |
| events_api | 2379 | TCP |
| events_api | 5432 | TCP |
| events_api | 8080 | TCP |
| events_api | 8081 | TCP |
| events_api | 9092 | TCP |
| events_api | 9100 | TCP |
| events_api | 9284 | TCP |
| events_api | 10000:10010 | TCP |
| fastsearch | 2379 | TCP |
| fastsearch | 8080 | TCP |
| fastsearch | 8180 | TCP |
| fastsearch_events_cleaner | 9200 | TCP |
| fastsearch_events_importer | 2379 | TCP |
| fastsearch_events_importer | 8081 | TCP |
| fastsearch_events_importer | 9092 | TCP |
| fastsearch_events_importer | 9100 | TCP |
| fastsearch_events_importer | 9200 | TCP |
| fastsearch_events_importer | 10000:10010 | TCP |
| hunts_database_configurator | 2379 | TCP |
| hunts_database_configurator | 5432 | TCP |
| hunts_database_synchronizer | 2379 | TCP |
| hunts_database_synchronizer | 5432 | TCP |
| hunts_database_synchronizer | 9092 | TCP |
| hunts_database_synchronizer | 10000:10010 | TCP |
| hunts_event_processor | 2379 | TCP |
| hunts_event_processor | 5432 | TCP |
| hunts_event_processor | 8080 | TCP |
| hunts_event_processor | 8081 | TCP |
| hunts_event_processor | 9092 | TCP |
| hunts_event_processor | 9100 | TCP |
| hunts_event_processor | 10000:10010 | TCP |
| hunts_statistics_api | 2379 | TCP |
| hunts_statistics_api | 5432 | TCP |
| hunts_statistics_api | 8080 | TCP |
| hunts_statistics_api | 8081 | TCP |
| hunts_statistics_api | 9092 | TCP |
| hunts_statistics_api | 9100 | TCP |
| hunts_statistics_api | 10000:10010 | TCP |
| hunts_statistics_processor | 2379 | TCP |
| hunts_statistics_processor | 5432 | TCP |
| hunts_statistics_processor | 8080 | TCP |
| hunts_statistics_processor | 8081 | TCP |
| hunts_statistics_processor | 9092 | TCP |
| hunts_statistics_processor | 9100 | TCP |
| hunts_statistics_processor | 9200 | TCP |
| hunts_statistics_processor | 10000:10010 | TCP |
| edr_synchronizer | 25 | TCP |
| edr_synchronizer | 80 | TCP |
| ids_alert_syncer | 514 | UDP |
| ids_alert_syncer | 2379 | TCP |
| ids_alert_syncer | 5432 | TCP |
| ids_alert_syncer | 777 | TCP |
| ids_alert_syncer | 8083 | TCP |
| ids_alert_syncer | 9092 | TCP |
| ids_alert_syncer | 9200 | TCP |
| ids_alert_syncer | 10000:10010 | TCP |
| ids_alert_syncer | 33334 | TCP |
| ioa_update_validator | 2379 | TCP |
| ipsec_manager | 80 | TCP |
| ipsec_manager | 2379 | TCP |
| kafka | 2379 | TCP |
| kafka | 2181 | TCP |
| kafka | 9092 | TCP |
| kafka | 9095 | TCP |
| kafka | 10000:10010 | TCP |
| kafka_configurator | 2181 | TCP |
| kafka_configurator | 2379 | TCP |
| kafka_configurator | 9092 | TCP |
| kafka_configurator | 10000:10010 | TCP |
| kafka_exporter | 2379 | TCP |
| kafka_exporter | 9092 | TCP |
| kafka_exporter | 9100 | TCP |
| kafka_exporter | 10000:10010 | TCP |
| kafka_proxy | Any | Any |
| kata_scanner | 25 | TCP |
| kata_scanner | 80 | TCP |
| kata_scanner | 514 | TCP |
| kata_scanner | 514 | UDP |
| kata_scanner | 443 | TCP |
| kata_scanner | 2379 | TCP |
| kata_scanner | 5432 | TCP |
| kata_scanner | 6379 | TCP |
| kata_scanner | 7777 | TCP |
| kata_scanner | 8081 | TCP |
| kata_scanner | 8082 | TCP |
| kata_scanner | 8083 | TCP |
| kata_scanner | 9081 | TCP |
| kata_scanner | 9090 | TCP |
| kata_scanner | 9092 | TCP |
| kata_scanner | 9100 | TCP |
| kata_scanner | 9284 | TCP |
| kata_scanner | 10000:10010 | TCP |
| kata_scanner | 33334 | TCP |
| ksb_agent_server | 80 | TCP |
| ksb_agent_server | 2379 | TCP |
| ksb_agent_server | 5432 | TCP |
| ksb_agent_server | 8082 | TCP |
| ksb_agent_server | 8083 | TCP |
| ksb_agent_server | 9898 | TCP |
| ksn_proxy | 80 | TCP |
| ksn_proxy | 443 | TCP |
| ksn_proxy | 514 | TCP |
| ksn_proxy | 514 | UDP |
| ksn_proxy | 2379 | TCP |
| ksn_proxy | 7777 | TCP |
| ksn_proxy | 8083 | TCP |
| ksn_proxy | 9092 | TCP |
| ksn_proxy | 9102 | TCP |
| ksn_proxy | 10000:10010 | TCP |
| ksn_proxy | 1:65535 | TCP |
| ksqldb_configurator | 2379 | TCP |
| ksqldb_configurator | 5432 | TCP |
| ksqldb_configurator | 8083 | TCP |
| ksqldb_configurator | 8088 | TCP |
| ksqldb_configurator | 9092 | TCP |
| ksqldb_configurator | 10000:10010 | TCP |
| ksqldb_server | 2379 | TCP |
| ksqldb_server | 5432 | TCP |
| ksqldb_server | 9092 | TCP |
| ksqldb_server | 11000:11006 | TCP |
| management_ui | 2379 | TCP |
| management_ui | 8091 | TCP |
| monitoring_grafana | 3000 | TCP |
| monitoring_prometheus | 2379 | TCP |
| monitoring_prometheus | 9090 | TCP |
| monitoring_prometheus | 9100 | TCP |
| monitoring_prometheus | 9102 | TCP |
| monitoring_prometheus | 9141 | TCP |
| monitoring_prometheus | 9142 | TCP |
| monitoring_prometheus | 9191 | TCP |
| monitoring_prometheus | 9192 | TCP |
| monitoring_prometheus | 9283 | TCP |
| multitenancy_management_api | 2379 | TCP |
| multitenancy_management_api | 4567 | TCP |
| multitenancy_management_api | 8443 | TCP |
| multitenancy_management_api | 8701 | TCP |
| multitenancy_management_api | 8090 | TCP |
| multitenancy_management_api | 8899 | TCP |
| nginx_exporter | 2379 | TCP |
| nginx_gateway | 80 | TCP |
| nginx_gateway | 81 | TCP |
| nginx_gateway | 443 | TCP |
| nginx_gateway | 2379 | TCP |
| nginx_gateway | 4443 | TCP |
| nginx_gateway | 4567 | TCP |
| nginx_gateway | 6379 | TCP |
| nginx_gateway | 8080 | TCP |
| nginx_gateway | 8081 | TCP |
| nginx_gateway | 8082 | TCP |
| nginx_gateway | 8083 | TCP |
| nginx_gateway | 8085 | TCP |
| nginx_gateway | 8090 | TCP |
| nginx_gateway | 8100 | TCP |
| nginx_gateway | 8443 | TCP |
| nginx_gateway | 8444 | TCP |
| nginx_gateway | 8701 | TCP |
| nginx_gateway | 8702 | TCP |
| nginx_gateway | 8899 | TCP |
| nginx_gateway | 9393 | TCP |
| nginx_gateway | 9898 | TCP |
| node_exporter | Any | Any |
| nta_core | 25 | TCP |
| nta_core | 80 | TCP |
| nta_core | 2379 | TCP |
| nta_core | 5433 | TCP |
| nta_core | 8082 | TCP |
| nta_core | 8083 | TCP |
| nta_core | 9443 | TCP |
| nta_database | - | - |
| nta_database_configurator | 2379 | TCP |
| nta_database_configurator | 5432 | TCP |
| nta_database_configurator | 5432 | TCP |
| nta_sensor_configurator | 2379 | TCP |
| nta_sensor_configurator | 8084 | TCP |
| nta_sensor_configurator | 9443 | TCP |
| nta_sensor_configurator | 50051 | TCP |
| nta_syncer | 80 | TCP |
| nta_syncer | 2379 | TCP |
| nta_syncer | 5422 | TCP |
| nta_syncer | 5423 | TCP |
| nta_syncer | 7777 | TCP |
| nta_syncer | 8084 | TCP |
| nta_syncer | 9092 | TCP |
| nta_syncer | 10000:10010 | TCP |
| nta_syncer | 50051 | TCP |
| postfix | 25 | TCP |
| postfix | 2379 | TCP |
| postgresql_exporter | 2379 | TCP |
| postgresql_exporter | 5432 | TCP |
| postgresql_exporter | 9100 | TCP |
| postgresql_server | 2379 | TCP |
| postgresql_server | 5432 | TCP |
| preprocessor | Any | Any |
| preprocessor_icap | 80 | TCP |
| preprocessor_icap | 1514 | TCP |
| preprocessor_icap | 1514 | UDP |
| preprocessor_icap | 2379 | TCP |
| preprocessor_icap | 4223 | TCP |
| preprocessor_icap | 6379 | TCP |
| preprocessor_icap | 7777 | TCP |
| preprocessor_icap | 8081 | TCP |
| preprocessor_icap | 8082 | TCP |
| preprocessor_icap | 8083 | TCP |
| preprocessor_icap | 9092 | TCP |
| preprocessor_icap | 9192 | TCP |
| preprocessor_icap | 9284 | TCP |
| preprocessor_icap | 10000:10010 | TCP |
| preprocessor_pop | 110 | TCP |
| preprocessor_pop | 514 | TCP |
| preprocessor_pop | 514 | UDP |
| preprocessor_pop | 2379 | TCP |
| preprocessor_pop | 4223 | TCP |
| preprocessor_pop | 6379 | TCP |
| preprocessor_pop | 7777 | TCP |
| preprocessor_pop | 8081 | TCP |
| preprocessor_pop | 8082 | TCP |
| preprocessor_pop | 8083 | TCP |
| preprocessor_pop | 9081 | TCP |
| preprocessor_pop | 9092 | TCP |
| preprocessor_pop | 10000:10010 | TCP |
| preprocessor_pop | 1:65535 | TCP |
| preprocessor_smtp | 514 | TCP |
| preprocessor_smtp | 514 | UDP |
| preprocessor_smtp | 2379 | TCP |
| preprocessor_smtp | 4223 | TCP |
| preprocessor_smtp | 6379 | TCP |
| preprocessor_smtp | 7777 | TCP |
| preprocessor_smtp | 8081 | TCP |
| preprocessor_smtp | 8082 | TCP |
| preprocessor_smtp | 8083 | TCP |
| preprocessor_smtp | 9081 | TCP |
| preprocessor_smtp | 9092 | TCP |
| preprocessor_smtp | 10000:10010 | TCP |
| preprocessor_span | Any | Any |
| primary_database_configurator | 2379 | TCP |
| primary_database_configurator | 5432 | TCP |
| redis | 2379 | TCP |
| redis | 6379 | TCP |
| response_actions_processor | 514 | TCP |
| response_actions_processor | 514 | UDP |
| response_actions_processor | 2379 | TCP |
| response_actions_processor | 5432 | TCP |
| response_actions_processor | 8081 | TCP |
| response_actions_processor | 9092 | TCP |
| response_actions_processor | 9100 | TCP |
| response_actions_processor | 10000:10010 | TCP |
| response_api | 514 | TCP |
| response_api | 514 | UDP |
| response_api | 2379 | TCP |
| response_api | 5432 | TCP |
| response_api | 8080 | TCP |
| response_api | 9092 | TCP |
| response_api | 9100 | TCP |
| response_api | 10000:10010 | TCP |
| s3rotator | 80 | TCP |
| s3rotator | 1080 | TCP |
| s3rotator | 2379 | TCP |
| s3rotator | 9283 | TCP |
| s3rotator | 9284 | TCP |
| schema_registry | 2379 | TCP |
| schema_registry | 8081 | TCP |
| schema_registry | 9092 | TCP |
| schema_registry | 10000:10010 | TCP |
| sensor_event_processor | 2379 | TCP |
| sensor_event_processor | 8080 | TCP |
| sensor_event_processor | 8081 | TCP |
| sensor_event_processor | 9092 | TCP |
| sensor_event_processor | 9100 | TCP |
| sensor_event_processor | 10000:10010 | TCP |
| services_configurator | 2379 | TCP |
| siem_proxy | 80 | TCP |
| siem_proxy | 514 | TCP |
| siem_proxy | 514 | UDP |
| siem_proxy | 1080 | TCP |
| siem_proxy | 1514 | TCP |
| siem_proxy | 1514 | UDP |
| siem_proxy | 2080 | TCP |
| siem_proxy | 2379 | TCP |
| siem_proxy | 9284 | TCP |
| siem_proxy | Any | Any |
| snmpd | 161 | TCP |
| snmpd | 2379 | TCP |
| updater | 80 | TCP |
| updater | 443 | TCP |
| updater | 514 | TCP |
| updater | 514 | TCP |
| updater | 2379 | TCP |
| updater | 5432 | TCP |
| updater | 6379 | TCP |
| updater | 7777 | TCP |
| updater | 8083 | TCP |
| updater | 9100 | TCP |
| updater | 9500 | TCP |
| updater | 1:65535 | TCP |
| updates_consistency_checker | 80 | TCP |
| updates_consistency_checker | 2379 | TCP |
| updates_consistency_checker | 6379 | TCP |
| updates_consistency_checker | 8083 | TCP |
| updates_consistency_checker | 9092 | TCP |
| updates_consistency_checker | 10000:10010 | TCP |
| web_backend | 25 | TCP |
| web_backend | 80 | TCP |
| web_backend | 443 | TCP |
| web_backend | 514 | TCP |
| web_backend | 514 | UDP |
| web_backend | 1080 | TCP |
| web_backend | 2379 | TCP |
| web_backend | 5432 | TCP |
| web_backend | 6379 | TCP |
| web_backend | 7777 | TCP |
| web_backend | 8080 | TCP |
| web_backend | 8081 | TCP |
| web_backend | 8082 | TCP |
| web_backend | 8083 | TCP |
| web_backend | 8085 | TCP |
| web_backend | 8090 | TCP |
| web_backend | 8123 | TCP |
| web_backend | 8283 | TCP |
| web_backend | 8443 | TCP |
| web_backend | 8444 | TCP |
| web_backend | 8899 | TCP |
| web_backend | 9090 | TCP |
| web_backend | 9092 | TCP |
| web_backend | 9284 | TCP |
| web_backend | 9500 | TCP |
| web_backend | 10000:10010 | TCP |
| web_backend | 33334 | TCP |
| zookeeper | 2181 | TCP |
| zookeeper | 2379 | TCP |
| zookeeper | 2888 | TCP |
| zookeeper | 3888 | TCP |
| zookeeper | 9092 | TCP |
| zookeeper | 10000:10010 | TCP |


Ports used by services of a Central Node deployed as a server

For the application to work correctly with the Central Node component deployed as a server, you must configure network access for outgoing connections in accordance with the table below.

Ports used by services in a configuration with the Central Node component deployed as a server

| Service | Port | Protocol |
| --- | --- | --- |
| agent_database_configurator | 2379 | TCP |
| agent_database_configurator | 5432 | TCP |
| agent_database_synchronizer | 2379 | TCP |
| agent_database_synchronizer | 5432 | TCP |
| agent_database_synchronizer | 9092 | TCP |
| agent_database_synchronizer | 9100 | TCP |
| agent_database_synchronizer | 10000:10010 | TCP |
| agent_server | 1080 | TCP |
| agent_server | 2379 | TCP |
| agent_server | 5432 | TCP |
| agent_server | 8100 | TCP |
| agent_server | 9090 | TCP |
| agent_server | 9284 | TCP |
| antiapt_database_configurator | 2379 | TCP |
| antiapt_database_configurator | 5432 | TCP |
| authorization_service | 2379 | TCP |
| authorization_service | 4567 | TCP |
| authorization_service | 8090 | TCP |
| authorization_service | 8443 | TCP |
| authorization_service | 8701 | TCP |
| authorization_service | 8899 | TCP |
| cadvisor | Any | Any |
| clickhouse | 2379 | TCP |
| clickhouse | 8123 | TCP |
| clickhouse | 9000 | TCP |
| clickhouse_database_configurator | 2379 | TCP |
| clickhouse_database_configurator | 9000 | TCP |
| clickhouse_metrics_importer | 2379 | TCP |
| clickhouse_metrics_importer | 6379 | TCP |
| clickhouse_metrics_importer | 8123 | TCP |
| clickhouse_metrics_importer | 9000 | TCP |
| clickhouse_metrics_importer | 9090 | TCP |
| coredns | 53 | TCP |
| coredns | 53 | TCP |
| coredns | 2379 | TCP |
| deployment_api | 22 | TCP |
| deployment_api | 2377 | TCP |
| deployment_api | 2379 | TCP |
| deployment_api | 4567 | TCP |
| deployment_api | 8080 | TCP |
| deployment_api | 8443 | TCP |
| deployment_api | 8701 | TCP |
| deployment_api | 9141 | TCP |
| deployment_api | 9284 | TCP |
| deployment_management_api | 53 | TCP |
| deployment_management_api | 2379 | TCP |
| deployment_management_api | 4567 | TCP |
| deployment_management_api | 8091 | TCP |
| deployment_management_api | 8443 | TCP |
| deployment_management_api | 8701 | TCP |
| deployment_management_api | 8702 | TCP |
| deployment_management_api | 8765 | TCP |
| deployment_management_api | 8899 | TCP |
| deployment_management_api | 9141 | TCP |
| dhcp_server | Any | Any |
| edr_synchronizer | 25 | TCP |
| edr_synchronizer | 80 | TCP |
| edr_synchronizer | 514 | TCP |
| edr_synchronizer | 514 | UDP |
| edr_synchronizer | 2379 | TCP |
| edr_synchronizer | 5432 | TCP |
| edr_synchronizer | 6379 | TCP |
| edr_synchronizer | 8081 | TCP |
| edr_synchronizer | 8082 | TCP |
| edr_synchronizer | 8083 | TCP |
| edr_synchronizer | 9092 | TCP |
| edr_synchronizer | 10000:10010 | TCP |
| edr_synchronizer | 33334 | TCP |
| elasticsearch | 2379 | TCP |
| elasticsearch | 9200 | TCP |
| elasticsearch | 9300 | TCP |
| elasticsearch_data | 2379 | TCP |
| elasticsearch_data | 9200 | TCP |
| elasticsearch_data | 9300 | TCP |
| elasticsearch_exporter | 2379 | TCP |
| elasticsearch_exporter | 9200 | TCP |
| elasticsearch_exporter | 9300 | TCP |
| etcd | 2379 | TCP |
| etcd | 2380 | TCP |
| events_api | 80 | TCP |
| events_api | 2379 | TCP |
| events_api | 5432 | TCP |
| events_api | 8080 | TCP |
| events_api | 8081 | TCP |
| events_api | 9092 | TCP |
| events_api | 9100 | TCP |
| events_api | 9284 | TCP |
| events_api | 10000:10010 | TCP |
| fastsearch | 2379 | TCP |
| fastsearch | 8080 | TCP |
| fastsearch | 8180 | TCP |
| fastsearch_events_cleaner | 9200 | TCP |
| fastsearch_events_importer | 2379 | TCP |
| fastsearch_events_importer | 8081 | TCP |
| fastsearch_events_importer | 9092 | TCP |
| fastsearch_events_importer | 9100 | TCP |
| fastsearch_events_importer | 9200 | TCP |
| fastsearch_events_importer | 10000:10010 | TCP |
| hunts_database_configurator | 2379 | TCP |
| hunts_database_configurator | 5432 | TCP |
| hunts_database_synchronizer | 2379 | TCP |
| hunts_database_synchronizer | 5432 | TCP |
| hunts_database_synchronizer | 9092 | TCP |
| hunts_database_synchronizer | 10000:10010 | TCP |
| hunts_event_processor | 2379 | TCP |
| hunts_event_processor | 5432 | TCP |
| hunts_event_processor | 8080 | TCP |
| hunts_event_processor | 8081 | TCP |
| hunts_event_processor | 9092 | TCP |
| hunts_event_processor | 9100 | TCP |
| hunts_event_processor | 10000:10010 | TCP |
| hunts_statistics_api | 2379 | TCP |
| hunts_statistics_api | 5432 | TCP |
| hunts_statistics_api | 8080 | TCP |
| hunts_statistics_api | 8081 | TCP |
| hunts_statistics_api | 9092 | TCP |
| hunts_statistics_api | 9100 | TCP |
| hunts_statistics_api | 10000:10010 | TCP |
| hunts_statistics_processor | 2379 | TCP |
| hunts_statistics_processor | 5432 | TCP |
| hunts_statistics_processor | 8080 | TCP |
| hunts_statistics_processor | 8081 | TCP |
| hunts_statistics_processor | 9092 | TCP |
| hunts_statistics_processor | 9100 | TCP |
| hunts_statistics_processor | 9200 | TCP |
| hunts_statistics_processor | 10000:10010 | TCP |
| edr_synchronizer | 25 | TCP |
| edr_synchronizer | 80 | TCP |
| ids_alert_syncer | 514 | UDP |
| ids_alert_syncer | 2379 | TCP |
| ids_alert_syncer | 5432 | TCP |
| ids_alert_syncer | 777 | TCP |
| ids_alert_syncer | 8083 | TCP |
| ids_alert_syncer | 9092 | TCP |
| ids_alert_syncer | 9200 | TCP |
| ids_alert_syncer | 10000:10010 | TCP |
| ids_alert_syncer | 33334 | TCP |
| ioa_update_validator | 2379 | TCP |
| ipsec_manager | 80 | TCP |
| ipsec_manager | 2379 | TCP |
| kafka | 2379 | TCP |
| kafka | 2181 | TCP |
| kafka | 9092 | TCP |
| kafka | 9095 | TCP |
| kafka | 10000:10010 | TCP |
| kafka_configurator | 2181 | TCP |
| kafka_configurator | 2379 | TCP |
| kafka_configurator | 9092 | TCP |
| kafka_configurator | 10000:10010 | TCP |
| kafka_exporter | 2379 | TCP |
| kafka_exporter | 9092 | TCP |
| kafka_exporter | 9100 | TCP |
| kafka_exporter | 10000:10010 | TCP |
| kafka_proxy | Any | Any |
| kata_scanner | 25 | TCP |
| kata_scanner | 80 | TCP |
| kata_scanner | 514 | TCP |
| kata_scanner | 514 | UDP |
| kata_scanner | 443 | TCP |
| kata_scanner | 2379 | TCP |
| kata_scanner | 5432 | TCP |
| kata_scanner | 6379 | TCP |
| kata_scanner | 7777 | TCP |
| kata_scanner | 8081 | TCP |
| kata_scanner | 8082 | TCP |
| kata_scanner | 8083 | TCP |
| kata_scanner | 9081 | TCP |
| kata_scanner | 9090 | TCP |
| kata_scanner | 9092 | TCP |
| kata_scanner | 9100 | TCP |
| kata_scanner | 9284 | TCP |
| kata_scanner | 10000:10010 | TCP |
| kata_scanner | 33334 | TCP |
| ksb_agent_server | 80 | TCP |
| ksb_agent_server | 2379 | TCP |
| ksb_agent_server | 5432 | TCP |
| ksb_agent_server | 8082 | TCP |
| ksb_agent_server | 8083 | TCP |
| ksb_agent_server | 9898 | TCP |
| ksn_proxy | 80 | TCP |
| ksn_proxy | 443 | TCP |
| ksn_proxy | 514 | TCP |
| ksn_proxy | 514 | UDP |
| ksn_proxy | 2379 | TCP |
| ksn_proxy | 7777 | TCP |
| ksn_proxy | 8083 | TCP |
| ksn_proxy | 9092 | TCP |
| ksn_proxy | 9102 | TCP |
| ksn_proxy | 10000:10010 | TCP |
| ksn_proxy | 1:65535 | TCP |
| ksqldb_configurator | 2379 | TCP |
| ksqldb_configurator | 5432 | TCP |
| ksqldb_configurator | 8083 | TCP |
| ksqldb_configurator | 8088 | TCP |
| ksqldb_configurator | 9092 | TCP |
| ksqldb_configurator | 10000:10010 | TCP |
| ksqldb_server | 2379 | TCP |
| ksqldb_server | 5432 | TCP |
| ksqldb_server | 9092 | TCP |
| ksqldb_server | 11000:11006 | TCP |
| management_ui | 2379 | TCP |
| management_ui | 8091 | TCP |
| monitoring_grafana | 3000 | TCP |
| monitoring_prometheus | 2379 | TCP |
| monitoring_prometheus | 9090 | TCP |
| monitoring_prometheus | 9100 | TCP |
| monitoring_prometheus | 9102 | TCP |
| monitoring_prometheus | 9141 | TCP |
| monitoring_prometheus | 9142 | TCP |
| monitoring_prometheus | 9191 | TCP |
| monitoring_prometheus | 9192 | TCP |
| monitoring_prometheus | 9283 | TCP |
| multitenancy_management_api | 2379 | TCP |
| multitenancy_management_api | 4567 | TCP |
| multitenancy_management_api | 8443 | TCP |
| multitenancy_management_api | 8701 | TCP |
| multitenancy_management_api | 8090 | TCP |
| multitenancy_management_api | 8899 | TCP |
| nginx_exporter | 2379 | TCP |
| nginx_gateway | 80 | TCP |
| nginx_gateway | 81 | TCP |
| nginx_gateway | 443 | TCP |
| nginx_gateway | 2379 | TCP |
| nginx_gateway | 4443 | TCP |
| nginx_gateway | 4567 | TCP |
| nginx_gateway | 6379 | TCP |
| nginx_gateway | 8080 | TCP |
| nginx_gateway | 8081 | TCP |
| nginx_gateway | 8082 | TCP |
| nginx_gateway | 8083 | TCP |
| nginx_gateway | 8085 | TCP |
| nginx_gateway | 8090 | TCP |
| nginx_gateway | 8100 | TCP |
| nginx_gateway | 8443 | TCP |
| nginx_gateway | 8444 | TCP |
| nginx_gateway | 8701 | TCP |
| nginx_gateway | 8702 | TCP |
| nginx_gateway | 8899 | TCP |
| nginx_gateway | 9393 | TCP |
| nginx_gateway | 9898 | TCP |
| node_exporter | Any | Any |
| nta_core | 25 | TCP |
| nta_core | 80 | TCP |
| nta_core | 2379 | TCP |
| nta_core | 5433 | TCP |
| nta_core | 8082 | TCP |
| nta_core | 8083 | TCP |
| nta_core | 9443 | TCP |
| nta_database | - | - |
| nta_database_configurator | 2379 | TCP |
| nta_database_configurator | 5432 | TCP |
| nta_database_configurator | 5432 | TCP |
| nta_sensor_configurator | 2379 | TCP |
| nta_sensor_configurator | 8084 | TCP |
| nta_sensor_configurator | 9443 | TCP |
| nta_sensor_configurator | 50051 | TCP |
| nta_syncer | 80 | TCP |
| nta_syncer | 2379 | TCP |
| nta_syncer | 5422 | TCP |
| nta_syncer | 5423 | TCP |
| nta_syncer | 7777 | TCP |
| nta_syncer | 8084 | TCP |
| nta_syncer | 9092 | TCP |
| nta_syncer | 10000:10010 | TCP |
| nta_syncer | 50051 | TCP |
| postfix | 25 | TCP |
| postfix | 2379 | TCP |
| postgresql_exporter | 2379 | TCP |
| postgresql_exporter | 5432 | TCP |
| postgresql_exporter | 9100 | TCP |
| postgresql_server | 2379 | TCP |
| postgresql_server | 5432 | TCP |
| preprocessor | Any | Any |
| preprocessor_icap | 80 | TCP |
| preprocessor_icap | 1514 | TCP |
| preprocessor_icap | 1514 | UDP |
| preprocessor_icap | 2379 | TCP |
| preprocessor_icap | 4223 | TCP |
| preprocessor_icap | 6379 | TCP |
| preprocessor_icap | 7777 | TCP |
| preprocessor_icap | 8081 | TCP |
| preprocessor_icap | 8082 | TCP |
| preprocessor_icap | 8083 | TCP |
| preprocessor_icap | 9092 | TCP |
| preprocessor_icap | 9192 | TCP |
| preprocessor_icap | 9284 | TCP |
| preprocessor_icap | 10000:10010 | TCP |
| preprocessor_pop | 110 | TCP |
| preprocessor_pop | 514 | TCP |
| preprocessor_pop | 514 | UDP |
| preprocessor_pop | 2379 | TCP |
| preprocessor_pop | 4223 | TCP |
| preprocessor_pop | 6379 | TCP |
| preprocessor_pop | 7777 | TCP |
| preprocessor_pop | 8081 | TCP |
| preprocessor_pop | 8082 | TCP |
| preprocessor_pop | 8083 | TCP |
| preprocessor_pop | 9081 | TCP |
| preprocessor_pop | 9092 | TCP |
| preprocessor_pop | 10000:10010 | TCP |
| preprocessor_pop | 1:65535 | TCP |
| preprocessor_smtp | 514 | TCP |
| preprocessor_smtp | 514 | UDP |
| preprocessor_smtp | 2379 | TCP |
| preprocessor_smtp | 4223 | TCP |
| preprocessor_smtp | 6379 | TCP |
| preprocessor_smtp | 7777 | TCP |
| preprocessor_smtp | 8081 | TCP |
| preprocessor_smtp | 8082 | TCP |
| preprocessor_smtp | 8083 | TCP |
| preprocessor_smtp | 9081 | TCP |
| preprocessor_smtp | 9092 | TCP |
| preprocessor_smtp | 10000:10010 | TCP |
| preprocessor_span | Any | Any |
| primary_database_configurator | 2379 | TCP |
| primary_database_configurator | 5432 | TCP |
| redis | 2379 | TCP |
| redis | 6379 | TCP |
| response_actions_processor | 514 | TCP |
| response_actions_processor | 514 | UDP |
| response_actions_processor | 2379 | TCP |
| response_actions_processor | 5432 | TCP |
| response_actions_processor | 8081 | TCP |
| response_actions_processor | 9092 | TCP |
| response_actions_processor | 9100 | TCP |
| response_actions_processor | 10000:10010 | TCP |
| response_api | 514 | TCP |
| response_api | 514 | UDP |
| response_api | 2379 | TCP |
| response_api | 5432 | TCP |
| response_api | 8080 | TCP |
| response_api | 9092 | TCP |
| response_api | 9100 | TCP |
| response_api | 10000:10010 | TCP |
| s3proxy | 80 | TCP |
| s3proxy | 1080 | TCP |
| s3proxy | 2379 | TCP |
| s3rotator | 80 | TCP |
| s3rotator | 1080 | TCP |
| s3rotator | 2379 | TCP |
| s3rotator | 9283 | TCP |
| s3rotator | 9284 | TCP |
| schema_registry | 2379 | TCP |
| schema_registry | 8081 | TCP |
| schema_registry | 9092 | TCP |
| schema_registry | 10000:10010 | TCP |
| sensor_event_processor | 2379 | TCP |
| sensor_event_processor | 8080 | TCP |
| sensor_event_processor | 8081 | TCP |
| sensor_event_processor | 9092 | TCP |
| sensor_event_processor | 9100 | TCP |
| sensor_event_processor | 10000:10010 | TCP |
| services_configurator | 2379 | TCP |
| siem_proxy | 80 | TCP |
| siem_proxy | 514 | TCP |
| siem_proxy | 514 | UDP |
| siem_proxy | 1080 | TCP |
| siem_proxy | 1514 | TCP |
| siem_proxy | 1514 | UDP |
| siem_proxy | 2080 | TCP |
| siem_proxy | 2379 | TCP |
| siem_proxy | 9284 | TCP |
| siem_proxy | Any | Any |
| snmpd | 161 | TCP |
| snmpd | 2379 | TCP |
| updater | 80 | TCP |
| updater | 443 | TCP |
| updater | 514 | TCP |
| updater | 514 | TCP |
| updater | 2379 | TCP |
| updater | 5432 | TCP |
| updater | 6379 | TCP |
| updater | 7777 | TCP |
| updater | 8083 | TCP |
| updater | 9100 | TCP |
| updater | 9500 | TCP |
| updater | 1:65535 | TCP |
| updates_consistency_checker | 80 | TCP |
| updates_consistency_checker | 2379 | TCP |
| updates_consistency_checker | 6379 | TCP |
| updates_consistency_checker | 8083 | TCP |
| updates_consistency_checker | 9092 | TCP |
| updates_consistency_checker | 10000:10010 | TCP |
| web_backend | 25 | TCP |
| web_backend | 80 | TCP |
| web_backend | 443 | TCP |
| web_backend | 514 | TCP |
| web_backend | 514 | UDP |
| web_backend | 1080 | TCP |
| web_backend | 2379 | TCP |
| web_backend | 5432 | TCP |
| web_backend | 6379 | TCP |
| web_backend | 7777 | TCP |
| web_backend | 8080 | TCP |
| web_backend | 8081 | TCP |
| web_backend | 8082 | TCP |
| web_backend | 8083 | TCP |
| web_backend | 8085 | TCP |
| web_backend | 8090 | TCP |
| web_backend | 8123 | TCP |
| web_backend | 8283 | TCP |
| web_backend | 8443 | TCP |
| web_backend | 8444 | TCP |
| web_backend | 8899 | TCP |
| web_backend | 9090 | TCP |
| web_backend | 9092 | TCP |
| web_backend | 9284 | TCP |
| web_backend | 9500 | TCP |
| web_backend | 10000:10010 | TCP |
| web_backend | 33334 | TCP |
| zookeeper | 2181 | TCP |
| zookeeper | 2379 | TCP |
| zookeeper | 2888 | TCP |
| zookeeper | 3888 | TCP |
| zookeeper | 9092 | TCP |
| zookeeper | 10000:10010 | TCP |


Ports used by services in a configuration with the Sensor component installed on a standalone server

For the application to work correctly in a configuration with the Sensor component installed on a standalone server, you must configure network access for outgoing connections in accordance with the table below.

Ports used by services in a configuration with the Sensor component installed on a standalone server

| Service | Port | Protocol |
| --- | --- | --- |
| cadvisor | Any | Any |
| ksn_proxy | 80 | TCP |
| ksn_proxy | 443 | TCP |
| ksn_proxy | 514 | TCP |
| ksn_proxy | 514 | UDP |
| ksn_proxy | 2379 | TCP |
| ksn_proxy | 7777 | TCP |
| ksn_proxy | 8083 | TCP |
| ksn_proxy | 9092 | TCP |
| ksn_proxy | 9102 | TCP |
| ksn_proxy | 10000:10010 | TCP |
| monitoring_prometheus | 2379 | TCP |
| monitoring_prometheus | 9090 | TCP |
| monitoring_prometheus | 9100 | TCP |
| monitoring_prometheus | 9102 | TCP |
| monitoring_prometheus | 9141 | TCP |
| monitoring_prometheus | 9142 | TCP |
| monitoring_prometheus | 9191 | TCP |
| monitoring_prometheus | 9192 | TCP |
| nginx_gateway | 443 | TCP |
| nginx_gateway | 2379 | TCP |
| nginx_gateway | 8085 | TCP |
| nginx_gateway | 8100 | TCP |
| nginx_gateway | 8283 | TCP |
| node_exporter | Any | TCP |
| preprocessor_icap | 443 | TCP |
| preprocessor_icap | 1080 | TCP |
| preprocessor_icap | 1344 | TCP |
| preprocessor_icap | 1514 | TCP |
| preprocessor_icap | 1514 | UDP |
| preprocessor_icap | 2379 | TCP |
| preprocessor_icap | 4223 | TCP |
| preprocessor_icap | 6379 | TCP |
| preprocessor_icap | 7777 | TCP |
| preprocessor_icap | 8081 | UDP |
| preprocessor_icap | 8082 | TCP |
| preprocessor_icap | 8082 | UDP |
| preprocessor_icap | 8083 | TCP |
| preprocessor_icap | 8085 | TCP |
| preprocessor_icap | 9092 | TCP |
| preprocessor_pop3 | 1514 | TCP |
| preprocessor_pop3 | 1514 | UDP |
| preprocessor_pop3 | 2379 | TCP |
| preprocessor_pop3 | 4223 | TCP |
| preprocessor_pop3 | 6379 | TCP |
| preprocessor_pop3 | 7777 | TCP |
| preprocessor_pop3 | 8081 | TCP |
| preprocessor_pop3 | 8081 | UDP |
| preprocessor_pop3 | 8082 | UDP |
| preprocessor_pop3 | 8083 | TCP |
| preprocessor_pop3 | 9081 | TCP |
| preprocessor_pop3 | 9092 | TCP |
| preprocessor_pop3 | 11000 | TCP |
| preprocessor_smtp | 1514 | TCP |
| preprocessor_smtp | 1514 | UDP |
| preprocessor_smtp | 2379 | TCP |
| preprocessor_smtp | 4223 | TCP |
| preprocessor_smtp | 6379 | TCP |
| preprocessor_smtp | 7777 | TCP |
| preprocessor_smtp | 8081 | TCP |
| preprocessor_smtp | 8081 | UDP |
| preprocessor_smtp | 8082 | UDP |
| preprocessor_smtp | 8083 | TCP |
| preprocessor_smtp | 9081 | TCP |
| preprocessor_smtp | 9092 | TCP |
| preprocessor_smtp | 11000 | TCP |
| preprocessor_span | Any | Any |
| preprocessor_span | 13520 | TCP |
| preprocessor_span | 8081 | UDP |
| preprocessor_span | 8082 | UDP |
| preprocessor_span | 9081 | TCP |
| preprocessor_span | 7777 | TCP |
| preprocessor_span | 9092 | TCP |
| preprocessor_span | 8083 | TCP |
| preprocessor_span | 2379 | TCP |
| preprocessor_span | 6379 | TCP |
| redis | 2379 | TCP |
| redis | 6379 | TCP |
| s3proxy | 80 | TCP |
| s3proxy | 1080 | TCP |
| s3proxy | 2379 | TCP |
| s3rotator | 80 | TCP |
| s3rotator | 1080 | TCP |
| s3rotator | 2379 | TCP |
| s3rotator | 9284 | TCP |
| sensor_management_api | Any | Any |
| services_configurator | 2379 | TCP |
| siem_proxy | 80 | TCP |
| siem_proxy | 514 | TCP |
| siem_proxy | 514 | UDP |
| siem_proxy | 1080 | TCP |
| siem_proxy | 1514 | TCP |
| siem_proxy | 1514 | UDP |
| siem_proxy | 2080 | TCP |
| siem_proxy | 2379 | TCP |
| siem_proxy | 9284 | TCP |
| snmpd | 161 | TCP |
| snmpd | 2379 | TCP |


Ports for communication between network traffic analysis services

For the application to work correctly, you must make sure that network traffic analysis services can communicate through the ports listed in the table below. Inbound connections for services are allowed by default.

Ports for communication between network traffic analysis services

| Service | Port | Destination service | Protocol |
| --- | --- | --- | --- |
| nta_database_configurator | 5433 | nta_database | TCP |
| nta_core | 5433 | nta_database | TCP |
| nta_core | 2379 | etcd | TCP |
| nta_core | 80 | web_backend | TCP |
| nta_core | 9443 | internet | TCP |
| nta_syncer | 9092 | kafka | TCP |
| nta_syncer | 2379 | etcd | TCP |
| nta_syncer | 5432 | postgresql_server | TCP |
| nta_syncer | 5433 | nta_database | TCP |
| nta_syncer | 50051 | nta_core | TCP |
| nta_syncer | 8084 | nta_core | TCP |
| nta_sensor_configurator | 50051 | nta_core | UDP |
| nta_sensor_configurator | 9443 | nta_core | TCP |
| preprocessor_span | 13520 | nta_core | TCP |
| preprocessor_span | 8081 | kata_scanner | UDP |
| preprocessor_span | 8082 | kata_scanner | UDP |
| preprocessor_span | 9081 | kata_scanner | TCP |
| preprocessor_span | 7777 | ksn_proxy | TCP |
| preprocessor_span | 9092 | kafka | TCP |
| preprocessor_span | 8083 | updater | TCP |
| preprocessor_span | 2379 | etcd | TCP |
| preprocessor_span | 6379 | redis | TCP |
| preprocessor_icap | 9092 | kafka | TCP |
| preprocessor_icap | 7777 | ksn_proxy | TCP |
| preprocessor_icap | 8081 | kata_scanner | UDP |
| preprocessor_icap | 8082 | kata_scanner | UDP |
| preprocessor_icap | 2379 | etcd | TCP |
| preprocessor_icap | 8083 | updater | TCP |
| preprocessor_icap | 4223 | preprocessor_span | TCP |
| preprocessor_smtp | 8081 | kata_scanner | UDP |
| preprocessor_smtp | 8082 | kata_scanner | UDP |
| preprocessor_smtp | 9081 | kata_scanner | TCP |
| preprocessor_smtp | 7777 | ksn_proxy | TCP |
| preprocessor_smtp | 9092 | kafka | TCP |
| preprocessor_smtp | 8083 | updater | TCP |
| preprocessor_smtp | 2379 | etcd | TCP |
| preprocessor_smtp | 6379 | redis | TCP |
| preprocessor_smtp | 4223 | preprocessor_span | TCP |
| preprocessor_pop3 | 8081 | kata_scanner | UDP |
| preprocessor_pop3 | 8082 | kata_scanner | UDP |
| preprocessor_pop3 | 9081 | kata_scanner | TCP |
| preprocessor_pop3 | 7777 | ksn_proxy | TCP |
| preprocessor_pop3 | 9092 | kafka | TCP |
| preprocessor_pop3 | 8083 | updater | TCP |
| preprocessor_pop3 | 2379 | etcd | TCP |
| preprocessor_pop3 | 6379 | redis | TCP |
| preprocessor_pop3 | 4223 | preprocessor_span | TCP |
