Preparing the IT infrastructure for installing application components

Before installing the application, prepare your corporate IT infrastructure for the installation of components of Kaspersky Anti Targeted Attack Platform:

1. Ensure that the servers, the computer intended for working with the application web interface, and the computers to be installed with the Endpoint Agent component all satisfy the hardware and software requirements.
2. To protect the network from the objects being analyzed, deny access to the local network of the Sandbox server for the management network interface and the network interface used for internet access of processed objects.
3. Prepare the corporate IT infrastructure in accordance with the table below:

   Ports for interaction between Kaspersky Anti Targeted Attack Platform components

   Source	Direction	Port or protocol	Description
   Central Node	Inbound	TCP 22	Connecting to the server over SSH
   		TCP 443	Receiving data from workstations with Endpoint Agent
   		TCP 8443	Access to the web interface of the application
   		TCP 9081	Receiving data from Sensors installed on standalone servers
   		UDP 53	Communication with the Sensor server
   	Outgoing	TCP 80 TCP 443 TCP 1443	Communication with the KSN servers and Kaspersky update servers
   		TCP 443	Sending objects to Sandbox for scanning
   		TCP 601	Sending messages to the SIEM system
   		UDP 53	Communication with the Sensor server
   Sensor	Inbound	TCP 22	Connecting to the server over SSH
   		TCP 1344	Receiving traffic from the proxy server
   		TCP 25	Receiving SMTP traffic from the mail server
   		TCP 443	When Sensor is used as a proxy server for communication between workstations with Endpoint Agent and Central Node
   		UDP 53	Communication with the Central Node server
   	Outgoing	TCP 80 TCP 443	Communication with the KSN servers and Kaspersky update servers
   		TCP 995	Integration with the mail server for secure connections
   		TCP 110	Integration with the mail server for unsecured connections
   		UDP 53	Communication with the Central Node server
   Sandbox	Inbound (management interface)	TCP 22	Connecting to the server over SSH
   		TCP 443	Interaction with the Central Node
   		TCP 8443	Access to the web interface of the application
   	Outbound (management interface)	TCP 80 TCP 443	Communication with Kaspersky update servers
   	Outbound (interface for internet access of processed objects)	Any	Access to the internet for analyzing the network behavior of processed objects
   SCN (when using the distributed solution mode)	Outgoing	TCP 8443	For interaction between SCN and PCN over a secure link based on the IPSec protocol
   	Inbound and outbound	ESP, AH, IKEv1 and IKEv2
   PCN (when using the distributed solution mode)	Inbound	TCP 8443
   	Inbound and outbound	ESP, AH, IKEv1 and IKEv2

If you install an additional network interface that receives only mirrored traffic in a VMware ESXi™ virtual environment, use the E1000 network adapter or disable the LRO (large receive offload) option on a VMXNET3 network adapter.

If needed, you can designate other ports for the application components to use in the administrator menu of the server with the Central Node component. If you change the ports in the administrator menu, you need to allow connections to these ports in your corporate IT infrastructure.

See also Preparing the IT infrastructure for integration with a mail server used for receiving messages via POP3 Preparing the IT infrastructure for integration with a mail server used for receiving messages via SMTP Preparing the virtual machine for installing the Sandbox component Preparing an installation disk image with the Central Node, Sensor, and Sandbox components

Page top