Network ports used by Kaspersky Security 3.0 Light Agent

 

 

Kaspersky Security for Virtualization 3.0 | Light Agent

 
 
 

Network ports used by Kaspersky Security 3.0 Light Agent

Back to "General Info"
2017 Mar 14 ID: 10811
 
 
 
 

For the installation and correct operation of Kaspersky Security 3.0 Light Agent, configure network hardware or software used for traffic control between the virtual machines to allow network traffic pass through the following ports:

Purpose and description Ports
To transfer file scan requests from Light Agent installed on a protected virtual machine to the Protection Server installed on an SVM. 9876 (TCP) on the SVM.
To transfer service requests (e.g., requests for license info) from Light Agent installed on a protected virtual machine to the Protection Server installed on an SVM. 11111 (TCP) on the SVM.
To enable Light Agent installed on the SVM to receive information about all SVMs on all virtual infrastructure hypervisors that can be connected to. 9876 (UDP) on the protected virtual machine.
To provide Light Agent with information on the loading of the SVM (Unicast). 9876 (UDP) on the protected virtual machine.
8000 (TCP) on the SVM.
To ensure interaction between the SVM and the Integration Server installed on the computer hosting the Administration Server. 7271 (TCP) on the computer hosting the Integration Server.
To ensure interaction between the protected virtual machine and the Integration Server installed on the computer hosting the Administration Server. 7271 (TCP) on the computer hosting the Integration Server.
To manage the application via Kaspersky Security Center. 13000, 14000 (TCP) on the computer hosting the Administration Console of Kaspersky Security Center.
15000 (UDP) on all SVMs and protected virtual machines.
To enable the root account to access an SVM via SSH during deployment or reconfiguration of SVMs. 22 (TCP) on the SVM.
To deploy an SVM on a Microsoft Windows Server (Hyper-V) hypervisor. 135, 445, 1024-5000 (TCP and UDP) on the Microsoft Windows Server (Hyper-V) hypervisor.
To enable interaction between the SVM and the Microsoft Windows Server (Hyper-V) hypervisor. 5985 (HTTP) and 5986 (HTTPS) on the Microsoft Windows Server (Hyper-V) hypervisor.
To deploy the SVM on a Citrix XenServer hypervisor and to ensure interaction between the SVM and the hypervisor. 20 (TCP), 80 (HTTP), and 443 (HTTPS) on the Citrix XenServer hypervisor.
To deploy the SVM on a VMware ESXi hypervisor through a VMware vCenter server and to ensure interaction between the SVM and the hypervisor. 80 (HTTP) and 443 (HTTPS) on the VMware vCenter server.
To deploy the SVM on a KVM hypervisor and to support interaction between the SVM and the KVM hypervisor. 22 (TCP) on the KVM hypervisor.
To download updates for Light Agent from the SVM. 80 (HTTP).


To connect Light Agent installed on the protected virtual machine, to the Protection Server installed on the SVM, configure packet routing via the version 2 IGMP protocol for the group 239.255.76.65:9876 if you are using Windows XP (or, version 3 if you are using a newer version of Windows). The IP Multicast technology is used for the SVM search.

After the installation, Kaspersky Security 3.0 Light Agent configures settings of Microsoft Windows Firewall to allow incoming and outgoing traffic for the avp.exe process. If a domain policy is used for Windows Firewall, you need to set an exclusion rule for the avp.exe process in the domain policy. If a different firewall is used, you need to set an exclusion rule for the avp.exe process for the firewall.

For correct databases update on the SVM, do the following:

  • Allow outgoing network traffic from the protected virtual machine to port 445 of the SVM via the TCP protocol.
  • Allow incoming network traffic from port 445 of the SVM to the protected virtual machine via the TCP protocol.

With Citrix XenServer and VMware ESXi hypervisors, if the promiscuous mode is enabled on the network interface controller of the guest operating system, the OS will receive all Ethernet frames that pass through the virtual switch (in case it is allowed by the VLAN policy). This mode can be used for traffic monitoring and analysis in the network segment where the SVM and the protected virtual machines are used. The traffic between the SVM and protected virtual machines is not encrypted, therefore it is not recommended to use the promiscuous mode in network segments when the SVM is running. If this mode is required (for example, for monitoring traffic by other virtual machines to detect attempts of unauthorized access to the network or for fixing network issues), configure the restrictions to protect the traffic between the SVM and protected virtual machines from unauthorized access.

 
 
 
 
Was this information helpful?
Yes No
 

 
 

Have you found what you were looking for?

Please let us know how we can make this website more comfortable for you

Send feedback Send feedback

Thank you!

Thank you for submitting your feedback.
We will review your feedback shortly.