Ports used by Kaspersky Security Center

The table below shows the ports that must be open on Administration Servers and on client devices.

Device	Port number	Name of the process that opens the port	Protocol	TLS (except for UDP ports)	Port purpose	Scope
Administration Server	8060	klcsweb	TCP	No	Transmitting published installation packages to client devices	Publishing installation packages
	8061	klcsweb	TCP	Yes	Transmitting published installation packages to client devices	Publishing installation packages
	13000	klserver	TCP	Yes	Receiving connections from Network Agents and slave Administration Servers; also used on slave Administration Servers for receiving connections from the master Administration Server (for example, if the slave Administration Server is in DMZ)	Managing client devices and slave Administration Servers
	13000	klserver	UDP	Null	Receiving information about devices that were turned off from Network Agents	Managing client devices
	13291	klserver	TCP	Yes	Receiving connections from Administration Console to Administration Server	Managing Administration Server
	13292	klserver	TCP	Yes	Receiving connections from mobile devices	Mobile Device Management
	13294*	klserver	TCP	Yes	Receiving connections from UEFI protection devices	Managing UEFI protection client devices
	13299	klserver	TCP	Yes	Receiving connections from Kaspersky Security Center 12 Web Console to the Administration Server; receiving connections to the Administration Server over OpenAPI	Kaspersky Security Center 12 Web Console, OpenAPI
	14000	klserver	TCP	No	Receiving connections from Network Agents	Managing client devices
	13111	ksnproxy	TCP	No	Receiving requests from managed devices to KSN proxy server	KSN proxy server
	15111	ksnproxy	UDP	Null	Receiving requests from managed devices to KSN proxy server	KSN proxy server
	17000	klactprx	TCP	Yes	Receiving connections for application activation from managed devices (except for mobile devices)	Activation proxy server for non-mobile devices
	17100*	klactprx	TCP	Yes	Receiving connections for application activation from mobile devices	Activation proxy server for mobile devices
	19170*	klserver	HTTPS	Yes	Tunneling connections to managed devices by using the klsctunnel utility	Remotely connecting to managed devices by using Kaspersky Security Center 12 Web Console
Network Agent	15000	klnagent	UDP	Null	Management signals from Administration Server to Network Agents	Managing client devices
Network Agent	15000	klnagent	UDP broadcast	Null	Getting data about other Network Agents within the same broadcasting domain (the data is then sent to the Administration Server)	Delivering updates and installation packages
Distribution point	15001	klnagent	UDP	Null	Multicasting for Network Agents	Delivering updates and installation packages
Distribution point	13000	klnagent	TCP	Yes	Receiving connections from Network Agents	Managing client devices, delivering updates and installation packages
iOS MDM Server	443*	kliosmdmservicesrv	TCP	Yes	Receiving connections from iOS mobile devices	Mobile Device Management
Kaspersky Security Center 12 Web Console Server (may be the same device where the Administration Server is running, or may be a different device)	8080*	Node.js: Server-side JavaScript	TCP	Yes	Receiving connections from browser to Kaspersky Security Center 12 Web Console	Kaspersky Security Center 12 Web Console

* Italics signify the ports that you have to open only if you work with mobile devices and Kaspersky Security Center 12 Web Console (see the "Port purpose" and "Functional scope" columns).

If you install the Administration Server and the database on different devices, you must make available the necessary ports on the device where the database is located (for example, port 3306 for MySQL Server and MariaDB Server, or port 1433 for Microsoft SQL Server). Please refer to the DBMS documentation for the relevant information.