Ports used by Kaspersky Security Center

The tables below show the default ports that must be open on Administration Servers and on client devices. If you want, you can change default port numbers.

The table below shows the default ports that must be open on Administration Server. However, if you install the Administration Server and the database on different devices, you must make available the necessary ports on the device where the database is located (for example, port 3306 for MySQL Server and MariaDB Server, or port 1433 for Microsoft SQL Server). Please refer to the DBMS documentation for the relevant information.

Ports that must be open on Administration Server

Port number	Name of the process that opens the port	Protocol	Port purpose	Scope
8060	klcsweb	TCP	Transmitting published installation packages to client devices	Publishing installation packages. You can change the default port number in the Web Server section of the Administration Server properties window in the Administration Console or in Kaspersky Security Center 13 Web Console.
8061	klcsweb	TCP (TLS)	Transmitting published installation packages to client devices	Publishing installation packages. You can change the default port number in the Web Server section of the Administration Server properties window in the Administration Console or in Kaspersky Security Center 13 Web Console.
13000	klserver	TCP (TLS)	Receiving connections from Network Agents and secondary Administration Servers; also used on secondary Administration Servers for receiving connections from the primary Administration Server (for example, if the secondary Administration Server is in DMZ)	Managing client devices and secondary Administration Servers. You can change the number of the default port for receiving connections from Network Agents when configuring connection ports; you can change the number of default port for receiving connections from secondary Administration Servers when creating a hierarchy of Administration Servers in the Administration Console or in Kaspersky Security Center 13 Web Console.
13000	klserver	UDP	Receiving information about devices that were turned off from Network Agents	Managing client devices. You can change the default port number in the Network Agent policy settings in the Administration Console or in Kaspersky Security Center 13 Web Console.
13291	klserver	TCP (TLS)	Receiving connections from Administration Console to Administration Server	Managing Administration Server. You can change the default port number in the Administration Server properties window in the Administration Console.
13299	klserver	TCP (TLS)	Receiving connections from Kaspersky Security Center 13 Web Console to the Administration Server; receiving connections to the Administration Server over OpenAPI	Kaspersky Security Center 13 Web Console, OpenAPI. You can change the default port number in the Administration Server properties window (in the Connection ports subsection of the General section) in the Administration Console, or when creating a hierarchy of Administration Servers in the Administration Console or in Kaspersky Security Center 13 Web Console.
14000	klserver	TCP	Receiving connections from Network Agents	Managing client devices. You can change the default port number when configuring connection ports during the installation of Kaspersky Security Center, or when manually connecting a client device to the Administration Server.
13111 (only if KSN proxy service is run on the device)	ksnproxy	TCP	Receiving requests from managed devices to KSN proxy server	KSN proxy server. You can change the default port number in the Administration Server properties window.
15111 (only if KSN proxy service is run on the device)	ksnproxy	UDP	Receiving requests from managed devices to KSN proxy server	KSN proxy server. You can change the default port number in the Administration Server properties window.
17000	klactprx	TCP (TLS)	Receiving connections for application activation from managed devices (except for mobile devices)	Activation proxy server for non-mobile devices. You can change the default port number in the Administration Server properties window.
17100 (only if you manage mobile devices)	klactprx	TCP (TLS)	Receiving connections for application activation from mobile devices	Activation proxy server for mobile devices. You can change the default port number in the Administration Server properties window.
19170 (only if you manage mobile devices)	klserver	HTTPS (TLS)	Tunneling connections to managed devices by using the klsctunnel utility	Remotely connecting to managed devices by using Kaspersky Security Center 13 Web Console. You can change the default port number in the Administration Server properties window (in the Additional ports subsection of the General section) in the Administration Console only.
13292 (only if you manage mobile devices)	klserver	TCP (TLS)	Receiving connections from mobile devices	Mobile Device Management. You can change the default port number in the Administration Server properties window in the Administration Console or in Kaspersky Security Center 13 Web Console.
13294 (only if you manage mobile devices)	klserver	TCP (TLS)	Receiving connections from UEFI protection devices	Managing UEFI protection client devices. You can change the default port number when connecting mobile devices, or later in the Administration Server properties window (in the Additional ports subsection of the General section) in the Administration Console or in Kaspersky Security Center 13 Web Console.

The table below shows the port that must be open on the iOS MDM Server (only if you manage mobile devices).

Port used by Kaspersky Security Center iOS MDM Server

Port number	Name of the process that opens the port	Protocol	Port purpose	Scope
443	kliosmdmservicesrv	TCP (TLS)	Receiving connections from iOS mobile devices	Mobile Device Management. You can change the default port number when installing iOS MDM Server.

Port number

Name of the process that opens the port

Protocol

Port purpose

Scope

443

kliosmdmservicesrv

TCP (TLS)

Receiving connections from iOS mobile devices

Mobile Device Management.

You can change the default port number when installing iOS MDM Server.

The table below shows the port that must be open on Kaspersky Security Center Web Console Server. It can be the same device where Administration Server is installed or a different device.

Port used by Kaspersky Security Center Web Console Server

Port number	Name of the process that opens the port	Protocol	Port purpose	Scope
8080	Node.js: Server-side JavaScript	TCP (TLS)	Receiving connections from browser to Kaspersky Security Center 13 Web Console	Kaspersky Security Center 13 Web Console. You can change the default port number when installing Kaspersky Security Center 13 Web Console on a device running Windows or on a Linux platform. If you install Kaspersky Security Center 13 Web Console on Linux ALT operating system, you must specify a port number other than 8080, because port 8080 is used by the operating system.

Port number

Name of the process that opens the port

Protocol

Port purpose

Scope

8080

Node.js: Server-side JavaScript

TCP (TLS)

Receiving connections from browser to Kaspersky Security Center 13 Web Console

Kaspersky Security Center 13 Web Console.

You can change the default port number when installing Kaspersky Security Center 13 Web Console on a device running Windows or on a Linux platform. If you install Kaspersky Security Center 13 Web Console on Linux ALT operating system, you must specify a port number other than 8080, because port 8080 is used by the operating system.

The table below shows the port that must be open on managed devices where Network Agent is installed.

Ports used by Network Agent

Port number	Name of the process that opens the port	Protocol	Port purpose	Scope
15000	klnagent	UDP	Management signals from Administration Server or Distribution point to Network Agents	Managing client devices. You can change the default port number in the Network Agent policy settings in the Administration Console or in Kaspersky Security Center 13 Web Console.
15000	klnagent	UDP broadcast	Getting data about other Network Agents within the same broadcasting domain (the data is then sent to the Administration Server)	Delivering updates and installation packages.

Port number

Name of the process that opens the port

Protocol

Port purpose

Scope

15000

klnagent

UDP

Management signals from Administration Server or Distribution point to Network Agents

Managing client devices.

You can change the default port number in the Network Agent policy settings in the Administration Console or in Kaspersky Security Center 13 Web Console.

15000

klnagent

UDP broadcast

Getting data about other Network Agents within the same broadcasting domain (the data is then sent to the Administration Server)

Delivering updates and installation packages.

Please note that the klnagent process can also request free ports from the dynamic port range of an endpoint operating system. These ports are allocated to the klnagent process automatically by the operating system, so klnagent process can use some ports that are used by another software. If the klnagent process affects that software operations, change the port settings in this software, or change the default dynamic port range in your operating system to exclude the port used by the software affected.

Also take into account that recommendations on the compatibility of Kaspersky Security Center with third-party software are described for reference only and may not be applicable to new versions of third-party software. The described recommendations for configuring ports are based on the experiences of Technical Support and our best practices.

The table below shows the ports that must be open on a managed device with Network Agent installed acting as a distribution point.

Ports used by Network Agent functioning as distribution point

Port number	Name of the process that opens the port	Protocol	Port purpose	Scope
13000	klnagent	TCP (TLS)	Receiving connections from Network Agents	Managing client devices, delivering updates and installation packages. You can change the default port number in the distribution point properties window in the Administration Console or in Kaspersky Security Center 13 Web Console.
13111 (only if KSN proxy service is run on the device)	ksnproxy	TCP	Receiving requests from managed devices to KSN proxy server	KSN proxy server. You can change the default port number in the distribution point properties window in the Administration Console or in Kaspersky Security Center 13 Web Console.
15001	klnagent	UDP	Multicasting for Network Agents	Delivering updates and installation packages. You can change the default port number in the distribution point properties window in the Administration Console or in Kaspersky Security Center 13 Web Console.
15111 (only if KSN proxy service is run on the device)	ksnproxy	UDP	Receiving requests from managed devices to KSN proxy server	KSN proxy server. You can change the default port number in the distribution point properties window in the Administration Console or in Kaspersky Security Center 13 Web Console.
13295 (only if you use the distribution point as a push server)	klnagent	TCP (TLS)	Sending push notifications to managed devices	Push server. You can change the default port number in the distribution point properties window in the Administration Console or in Kaspersky Security Center 13 Web Console.