Before installing the application, prepare your corporate IT infrastructure for the installation of components of Kaspersky Anti Targeted Attack Platform:

Ports for interaction between Kaspersky Anti Targeted Attack Platform components

Source | Direction | Port or protocol | Description |
---|---|---|---|
Central Node | Inbound | TCP 22 | Connecting to the server over SSH |
Central Node | Inbound | TCP 443 | Receiving data from workstations with Endpoint Agent |
Central Node | Inbound | TCP 8443 | Access to the web interface of the application |
Central Node | Inbound | TCP 9081 | Receiving data from Sensors installed on standalone servers |
Central Node | Inbound | UDP 53 | Communication with the Sensor server |
Central Node | Outgoing | TCP 80 | Communication with the KSN servers and Kaspersky update servers |
Central Node | Outgoing | TCP 443 | Sending objects to Sandbox for scanning |
Central Node | Outgoing | TCP 601 | Sending messages to the SIEM system |
Central Node | Outgoing | UDP 53 | Communication with the Sensor server |
Sensor | Inbound | TCP 22 | Connecting to the server over SSH |
Sensor | Inbound | TCP 1344 | Receiving traffic from the proxy server |
Sensor | Inbound | TCP 25 | Receiving SMTP traffic from the mail server |
Sensor | Inbound | TCP 443 | When Sensor is used as a proxy server for communication between workstations with Endpoint Agent and Central Node |
Sensor | Inbound | UDP 53 | Communication with the Central Node server |
Sensor | Outgoing | TCP 80 | Communication with the KSN servers and Kaspersky update servers |
Sensor | Outgoing | TCP 995 | Integration with the mail server for secure connections |
Sensor | Outgoing | TCP 110 | Integration with the mail server for unsecured connections |
Sensor | Outgoing | UDP 53 | Communication with the Central Node server |
Sandbox | Inbound (management | TCP 22 | Connecting to the server over SSH |
Sandbox | Inbound (management | TCP 443 | Interaction with the Central Node |
Sandbox | Inbound (management | TCP 8443 | Access to the web interface of the application |
Sandbox | Outbound (management interface) | TCP 80 | Communication with Kaspersky update servers |
Sandbox | Outbound (interface for internet access of processed objects) | Any | Access to the internet for analyzing the network behavior of processed objects |
SCN (when using the distributed solution mode) | Outgoing | TCP 8443 | For interaction between SCN and PCN over a secure link based on the IPSec protocol |
SCN (when using the distributed solution mode) | Inbound and outbound | ESP, AH, | |
PCN (when using the distributed solution mode) | Inbound | TCP 8443 | |
PCN (when using the distributed solution mode) | Inbound and outbound | ESP, AH, | |

If you install an additional network interface that receives only mirrored traffic in a VMware ESXi™ virtual environment, use the E1000 network adapter or disable the LRO (large receive offload) option on a VMXNET3 network adapter.
If needed, you can designate other ports for the application components to use in the administrator menu of the server with the Central Node component. If you change the ports in the administrator menu, you need to allow connections to these ports in your corporate IT infrastructure.
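
To confirm that the network path to a component's inbound TCP ports is open, including ports changed in the administrator menu, you can run a preflight check such as the following. This is an added example, not part of the product or its documentation; the function names, the `overrides` parameter and the sample address are assumptions made for illustration.

```python
import socket
import sys

# Inbound TCP ports per component, copied from the table on this page.
# UDP 53, ESP and AH cannot be confirmed with a TCP connect and are omitted.
INBOUND_TCP = {
    "central_node": {22: "SSH", 443: "data from Endpoint Agent",
                     8443: "web interface", 9081: "data from standalone Sensors"},
    "sensor": {22: "SSH", 25: "SMTP from mail server", 443: "Endpoint Agent proxy",
               1344: "traffic from proxy server"},
    "sandbox": {22: "SSH", 443: "Central Node", 8443: "web interface"},
}

def probe(host, port, timeout=2.0, connect=socket.create_connection):
    """Classify one TCP port as 'open', 'closed' (reset) or 'filtered' (no reply)."""
    try:
        connect((host, port), timeout).close()
        return "open"
    except ConnectionRefusedError:
        return "closed"      # path answers, but nothing listens (or a reject rule)
    except OSError:
        return "filtered"    # timeout or unreachable: likely dropped on the way

def preflight(component, host, overrides=None, connect=socket.create_connection):
    """Probe every inbound TCP port of a component.

    overrides maps a default port to the port chosen in the administrator menu
    (hypothetical parameter of this example).
    """
    overrides = overrides or {}
    results = []
    for default, purpose in sorted(INBOUND_TCP[component].items()):
        port = overrides.get(default, default)
        results.append((port, purpose, probe(host, port, connect=connect)))
    return results

def blocked(results):
    """Ports that still need a firewall rule: no reply came back at all."""
    return [(port, purpose) for port, purpose, state in results if state == "filtered"]

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python preflight.py sensor 192.0.2.20  (address is a placeholder)
    for port, purpose, state in preflight(sys.argv[1], sys.argv[2]):
        print(f"TCP {port:<5} {state:<9} {purpose}")
```

Before the component is installed, `closed` is the expected result for a correctly opened path, because nothing is listening yet. Run the check from the network segment that will originate the traffic, for example from a workstation subnet for TCP 443 on the Central Node.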