Ports used by Kaspersky Security Center Cloud Console

To use Kaspersky Security Center Cloud Console, which is part of the Kaspersky infrastructure, you must open the following ports on the client devices to allow the internet connection (see table below):

Ports that must be open on client devices to allow the internet connection

Port (or port range)

Protocol

Purpose of the port (or port range)

23100-23199

TCP/TLS

Receiving connections from Network Agents and secondary Administration Servers on Kaspersky Security Center Cloud Console Administration Server at *.ksc.kaspersky.com.

The Kaspersky infrastructure can use any port within this range and any web address within this mask. The port and the web address can change from time to time.

23700-23799

(only if you manage mobile devices)

TCP/TLS

Receiving connections from mobile devices.

Connection to the Kaspersky Security Center Cloud Console Administration Server at *.ksc.kaspersky.com.

The Kaspersky infrastructure can use any port within this range and any web address within this mask. The port and the web address can change from time to time.

27200-27299

TCP/TLS

Receiving connections for application activation from managed devices (except for mobile devices).

Connection to the Kaspersky Security Center Cloud Console Administration Server at *.ksc.kaspersky.com.

The Kaspersky infrastructure can use any port within this range and any web address within this mask. The port and the web address can change from time to time.

29200-29299

TCP/TLS

Tunneling connections to managed devices by using the klsctunnel utility through Kaspersky Security Center Cloud Console Administration Server at *.ksc.kaspersky.com.

The Kaspersky infrastructure can use any port within this range and any web address within this mask. The port and the web address can change from time to time.

443

HTTPS

Connection to Kaspersky Security Center Cloud Console discovery service at *.ksc.kaspersky.com.

The Kaspersky infrastructure can use any web address within this mask.

1443

TCP

Connection to Kaspersky Security Network

80

TCP

Connection to the Kaspersky cloud services, such as activation and update (any address within this mask can be used by Kaspersky specialists)

The table below lists the ports that must be open on client devices where Network Agent is installed.

Ports that must be open on client devices

Port number

Protocol

Port purpose

Scope

15000

 

UDP

Receiving data from connection gateways (if in use)

Managing client devices

15000

UDP broadcast

Getting data about other Network Agents within the same broadcasting domain

Delivering updates and installation packages

15001

UDP

Receiving multicast requests from a distribution point (if in use)

Receiving updates and installation packages from a distribution point

The table below lists the additional ports that must be open on client devices where Network Agent is installed as a distribution point.

Ports used by Network Agent functioning as distribution point

Port number

Protocol

Port purpose

Scope

13000

TCP/TLS

Receiving connections from Network Agents

Managing client devices and delivering updates and installation packages

13111
(only if KSN Proxy service is run on the device)

TCP

Receiving requests from managed devices to KSN Proxy Server

KSN Proxy Server

13295
(only if you use the distribution point as a push server)

TCP/TLS

Sending push notifications to managed devices

Distribution point used as a push server

15111
(only if KSN Proxy service is run on the device)

UDP

Receiving requests from managed devices to KSN Proxy Server

KSN Proxy Server

17111
(only if KSN Proxy service is run on the device)

HTTPS

Receiving requests from managed devices to KSN Proxy Server

KSN Proxy Server

If you have one or more Administration Servers on your network and use them as secondary Administration Servers when the primary Administration Server is located in the Kaspersky infrastructure, please refer to the list of ports that are used by Kaspersky Security Center Cloud Console running on-premises. Use those ports for interaction between your secondary Administration Server (or secondary Administration Servers) and client devices.

See also:

Initial configuration of Kaspersky Security Center Cloud Console

Scenario: Migration without a hierarchy of Administration Servers

Page top