To use Kaspersky Security Center Cloud Console, which is part of the Kaspersky infrastructure, you must open the following ports on the client devices to allow the internet connection (see table below):
Ports that must be open on client devices to allow the internet connection
Port (or port range) |
Protocol |
Purpose of the port (or port range) |
|---|---|---|
23100-23199 |
TCP/TLS |
Receiving connections from Network Agents and secondary Administration Servers on Kaspersky Security Center Cloud Console Administration Server at *.ksc.kaspersky.com. The Kaspersky infrastructure can use any port within this range and any web address within this mask. The port and the web address can change from time to time. |
23700-23799 (only if you manage mobile devices) |
TCP/TLS |
Receiving connections from mobile devices. Connection to the Kaspersky Security Center Cloud Console Administration Server at *.ksc.kaspersky.com. The Kaspersky infrastructure can use any port within this range and any web address within this mask. The port and the web address can change from time to time. |
27200-27299 |
TCP/TLS |
Receiving connections for application activation from managed devices (except for mobile devices). Connection to the Kaspersky Security Center Cloud Console Administration Server at *.ksc.kaspersky.com. The Kaspersky infrastructure can use any port within this range and any web address within this mask. The port and the web address can change from time to time. |
29200-29299 |
TCP/TLS |
Tunneling connections to managed devices by using the klsctunnel utility through Kaspersky Security Center Cloud Console Administration Server at *.ksc.kaspersky.com. The Kaspersky infrastructure can use any port within this range and any web address within this mask. The port and the web address can change from time to time. |
443 |
HTTPS |
Connection to Kaspersky Security Center Cloud Console discovery service at *.ksc.kaspersky.com. The Kaspersky infrastructure can use any web address within this mask. |
1443 |
TCP |
Connection to Kaspersky Security Network |
80 |
TCP |
Connection is used to check validity of the Kaspersky Security Center certificates at *.digicert.com. The Kaspersky infrastructure can use any web address within this mask. |
The table below lists the ports that must be open on client devices where Network Agent is installed.
Ports that must be open on client devices
Port number |
Protocol |
Port purpose |
Scope |
|---|---|---|---|
15000
|
UDP |
Receiving data from connection gateways (if in use) |
Managing client devices |
15000 |
UDP broadcast |
Getting data about other Network Agents within the same broadcasting domain |
Delivering updates and installation packages |
15001 |
UDP |
Receiving multicast requests from a distribution point (if in use) |
Receiving updates and installation packages from a distribution point |
Please note that the klnagent process can also request free ports from the dynamic port range of an endpoint operating system. These ports are allocated to the klnagent process automatically by the operating system, so klnagent process can use some ports that are used by another software. If the klnagent process affects that software operations, change the port settings in this software, or change the default dynamic port range in your operating system to exclude the port used by the software affected.
Also take into account that recommendations on the compatibility of Kaspersky Security Center Cloud Console with third-party software are described for reference only and may not be applicable to new versions of third-party software. The described recommendations for configuring ports are based on the experiences of Technical Support and our best practices.
The table below lists the additional ports that must be open on client devices where Network Agent is installed as a distribution point.
Ports used by Network Agent functioning as distribution point
Port number |
Protocol |
Port purpose |
Scope |
|---|---|---|---|
13000 |
TCP/TLS |
Receiving connections from Network Agents |
Managing client devices and delivering updates and installation packages |
13111 |
TCP |
Receiving requests from managed devices to KSN proxy server |
KSN proxy server |
13295 |
TCP/TLS |
Sending push notifications to managed devices |
Distribution point used as a push server |
15111 |
UDP |
Receiving requests from managed devices to KSN proxy server |
KSN proxy server |
17111 |
HTTPS |
Receiving requests from managed devices to KSN proxy server |
KSN proxy server |
If you have one or more Administration Servers on your network and use them as secondary Administration Servers when the primary Administration Server is located in the Kaspersky infrastructure, please refer to the list of ports that are used by Kaspersky Security Center running on-premises. Use those ports for interaction between your secondary Administration Server (or secondary Administration Servers) and client devices.