Ports used by Kaspersky Next XDR Expert
For correct interaction between the administrator host and target hosts, you must provide connection access from the administrator host to the target hosts by the ports listed in the table below. These ports cannot be changed.
For interaction between the administrator host and hosts that are used for the installation of the KUMA services and are located outside the Kubernetes cluster, you must provide access only by TCP 22 port.
Ports used for interaction between the administrator host and target hosts
Port | Protocol | Port purpose |
|---|---|---|
22 | TCP | Providing the SSH connection from the administrator host to the target hosts. Providing the SSH connection from the administrator host to the hosts that are used for the installation of the external KUMA services. |
5000 | TCP | Connection to the Docker registry. |
6443 | TCP | Connection to the Kubernetes API. |
For properly work of the Kaspersky Next XDR Expert components, the target hosts must be located in the same broadcast domain.
The table below contains the ports that must be opened on the firewalls of all target hosts of the cluster. These ports cannot be changed.
If you use the firewalld or UFW firewall on your target hosts, KDT opens the required ports on the firewalls automatically. Otherwise, you can open the listed ports manually before you deploy Kaspersky Next XDR Expert.
Required ports used by the Kaspersky Next XDR Expert components
Port | Protocol | Port purpose |
|---|---|---|
80 | TCP (HTTP) | Receiving connections from browser. Redirecting to the 443 TCP (HTTPS) port. |
443 | TCP (HTTPS) | Receiving connections from browser. Receiving connections to the Administration Server over OpenAPI. Used to automate scenarios for working with the Administration Server. |
13000 | TCP | Receiving connections from Network Agents and secondary Administration Servers. |
13000 | UDP | Receiving information about devices that were turned off from Network Agents. |
14000 | TCP | Receiving connections from Network Agents. |
17000 | TCP | Receiving connections for application activation from managed devices (except for mobile devices). |
7210 | TCP | Receiving of the KUMA configuration from the KUMA Core server. |
7220 | TCP | Receiving connections from browser. |
7222 | TCP | Reversing proxy in the CyberTrace system. |
7224 | TCP | Callbacks for Identity and Access Manager (IAM). |
The table below contains the ports that are not opened by default on the firewalls during the Kaspersky Next XDR Expert deployment. These ports cannot be changed.
If you need to perform actions listed in the Port purpose column of the table below, you can open the corresponding ports on the firewalls of all target hosts manually.
Optional ports on the firewall used by the Kaspersky Next XDR Expert components
Port | Protocol | Port purpose |
|---|---|---|
8060 | TCP | Transmitting published installation packages to client devices. |
8061 | TCP | Transmitting published installation packages to client devices. |
13111 | TCP | Receiving requests from managed devices to KSN proxy server. |
15111 | UDP | Receiving requests from managed devices to KSN proxy server. |
17111 | TCP | Receiving requests from managed devices to KSN proxy server. |
5432 | TCP | Interaction with the DBMS (PostgreSQL). This port is used only if the DBMS is installed on the target host inside the Kubernetes cluster. |
The table below contains the ports that must be opened for functioning of the Kubernetes cluster and infrastructure components. These ports cannot be changed.
If you use the firewalld or UFW firewall on your target hosts, the KDT opens the required ports on the firewalls automatically. Otherwise, you can open the listed ports manually before you deploy Kaspersky Next XDR Expert.
Ports used by the Kubernetes cluster and infrastructure components
Port | Protocol | Node |
|---|---|---|
80 | TCP | Primary node |
443 | TCP | Primary node |
10250 | TCP | Primary node |
9443 | TCP | Primary node |
6443 | TCP | Primary node |
8132 | TCP | Primary node |
5000 | TCP | Primary node |
80 | TCP | Worker node |
443 | TCP | Worker node |
179 | TCP | Worker node |
10250 | TCP | Worker node |
10255 | TCP | Worker node |
9443 | TCP | Worker node |
6443 | TCP | Worker node |
9500 | TCP | Worker node |
9501 | TCP | Worker node |
9502 | TCP | Worker node |
9503 | TCP | Worker node |
8500 | TCP | Worker node |
8501 | TCP | Worker node |
3260 | TCP | Worker node |
8000 | TCP | Worker node |
8002 | TCP | Worker node |
2049 | TCP | Worker node |
3370 | TCP | Worker node |
179 | UDP | Worker node |
51820 | UDP | Worker node |
51821 | UDP | Worker node |
For correct work of the KUMA services that are not included in a Kubernetes cluster, you must open the ports listed in the table below. The table below shows the default network ports values. These ports automatically open during the KUMA installation.
Ports used for the interaction with the external KUMA services
Port | Protocol | Direction | Destination of the connection |
|---|---|---|---|
8123 | HTTPS | From the storage service to the ClickHouse cluster node. | Writing and receiving normalized events in the ClickHouse cluster. |
9009 | HTTPS | Between ClickHouse cluster replicas. | Internal communication between ClickHouse cluster replicas for transferring data of the cluster. |
2181 | TCP | From ClickHouse cluster nodes to the ClickHouse keeper replication coordination service. | Receiving and writing of replication metadata by replicas of ClickHouse servers. |
2182 | TCP | From one ClickHouse keeper replication coordination service to another. | Internal communication between replication coordination services to reach a quorum. |
8001 | TCP | From Victoria Metrics to the ClickHouse server. | Receiving ClickHouse server operation metrics. |
9000 | TCP | From the ClickHouse client to the ClickHouse cluster node. | Writing and receiving data in the ClickHouse cluster. |
If you create an additional KUMA service (collector, correlator or storage) on a server, you need to manually open a port that corresponds to the created service on the server. You can use port TCP 7221 or other port used for service installation.
If the out of the box example services are used, the following ports automatically open during the Kaspersky Next XDR Expert deployment:
- 7230 TCP
- 7231 TCP
- 7232 TCP
- 7233 TCP
- 7234 TCP
- 7235 TCP
- 5140 TCP
- 5140 UDP
- 5141 TCP
- 5144 UDP
