To install and operate the solution components, in the settings of the network equipment or software used to control traffic between virtual machines, you need to open the ports described in the table below.
Ports used by solution components
Port and protocol |
Direction |
Purpose and description |
---|---|---|
All platforms |
||
7271 TCP |
From the SVM Management Wizard to the Integration Server. |
For sending settings for connecting to the virtual infrastructure to the Integration Server. |
7271 TCP |
From the device, from which the requests are made to the Integration Server REST API, to the Integration Server. |
For automating deployment and operation of the solution in multitenancy mode using the Integration Server REST API. |
22 TCP |
From the SVM Management Wizard to an SVM. |
For SVM reconfiguration. |
7271 TCP |
From the SVM to Integration Server. |
For interaction between the Protection Server and Integration Server. |
7271 TCP |
From the Light Agent to the Integration Server. |
For interaction between Light Agent and Integration Server. |
8000 UDP |
From an SVM to the Light Agent. |
For sending information about available SVMs to Light Agents using a list of SVM addresses. |
8000 UDP |
From Light Agent to SVM. |
To provide Light Agent with information about the status of SVM. |
11111 TCP |
From Light Agent to SVM. |
For transmitting service requests (for example, to obtain license information) from the Light Agent to the Protection Server when the connection is unprotected. |
11112 TCP |
From Light Agent to SVM. |
For transmitting service requests (for example, to obtain license information) from the Light Agent to the Protection Server when the connection is protected. |
9876 TCP |
From Light Agent to SVM. |
For forwarding file scan requests from the Light Agent to the Protection Server when the connection is unprotected. |
9877 TCP |
From Light Agent to SVM. |
For transmitting file scan requests from the Light Agent to the Protection Server when the connection is protected. |
80 TCP |
From Light Agent to SVM. |
For updating databases and application modules of the solution on the Light Agent. |
15000 UDP |
From Kaspersky Security Center to SVM. |
For managing the Protection Server via Kaspersky Security Center. |
13000 TCP |
From SVM to Kaspersky Security Center. |
For managing the Protection Server via Kaspersky Security Center when the connection is protected. |
14000 TCP |
From SVM to Kaspersky Security Center. |
For managing the Protection Server via Kaspersky Security Center when the connection is unprotected. |
15000 UDP |
From Kaspersky Security Center to Light Agents. |
For managing the Light Agent via Kaspersky Security Center. |
13000 TCP |
From Light Agent to Kaspersky Security Center. |
For managing the Light Agent via Kaspersky Security Center when the connection is protected. |
14000 TCP |
From Light Agent to Kaspersky Security Center. |
For managing Light Agent via Kaspersky Security Center when the connection is unprotected. |
13111 TCP |
From the SVM to the Kaspersky Security Center Administration Server. |
For interaction between the Protection Server and KSN proxy server. |
17000 TCP |
From the SVM to the Kaspersky Security Center Administration Server. |
For interaction between the Protection Server and Kaspersky activation servers. |
VMware vSphere platform |
||
80 TCP 443 TCP |
From the SVM Management Wizard to VMware vCenter Server. |
To deploy the SVM on a VMware ESXi hypervisor using a VMware vCenter Server. |
443 TCP |
From the SVM Management Wizard to an ESXi hypervisor. |
To deploy the SVM on a VMware ESXi hypervisor using a VMware vCenter Server. |
80 TCP 443 TCP |
From the Integration Server to the VMware vCenter Server. |
For interaction between the Integration Server and the VMware ESXi hypervisor using the VMware vCenter Server. |
Microsoft Hyper-V platform |
||
135 TCP/UDP 445 TCP/UDP |
From the SVM Management Wizard to a Microsoft Windows Server (Hyper-V) hypervisor. |
To deploy an SVM on a Microsoft Windows Server (Hyper-V) hypervisor. |
135 TCP/UDP 445 TCP/UDP 5985 TCP 5986 TCP |
From the Integration Server to the Microsoft Windows Server (Hyper-V) hypervisor. |
For interaction between the Integration Server and the Microsoft Windows Server (Hyper-V) hypervisor. |
XenServer platform |
||
80 TCP 443 TCP |
From the SVM Management Wizard to the XenServer hypervisor. |
To deploy the SVM on a XenServer hypervisor. |
80 TCP 443 TCP |
From the Integration Server to the XenServer hypervisor. |
For interaction between the Integration Server and the XenServer hypervisor. |
KVM platform |
||
22 TCP |
From the SVM Management Wizard to a KVM hypervisor. |
To deploy the SVM on a KVM hypervisor. |
22 TCP |
From the Integration Server to the KVM hypervisor. |
For interaction between the Integration Server and the KVM hypervisor. |
Proxmox VE platform |
||
22 TCP 8006 TCP |
From the SVM Management Wizard to a Proxmox VE hypervisor. |
To deploy the SVM on a Proxmox VE hypervisor. |
8006 TCP |
From the Integration Server to the Proxmox VE hypervisor. |
For interaction between the Integration Server and the Proxmox VE hypervisor. |
Basis (Skala-R) platform |
||
443 TCP |
From the SVM Management Wizard to Basis.vControl (Skala-R Management). |
To deploy an SVM on the R-Virtualization hypervisor using Basis.vControl (Skala-R Management). |
22 TCP |
From the SVM Management Wizard to an R-Virtualization hypervisor. |
To deploy an SVM on the R-Virtualization hypervisor using Basis.vControl (Skala-R Management). |
22 TCP |
From the SVM Management Wizard to Basis.vControl (Skala-R Management). |
To deploy an SVM on the R-Virtualization hypervisor using Basis.vControl (Skala-R Management). |
443 TCP |
From the Integration Server to Basis.vControl (Skala-R Management). |
For the interaction of the Integration Server with the R-Virtualization hypervisor using Basis.vControl (Skala-R Management). |
HUAWEI FusionSphere platform |
||
7443 TCP |
From the SVM Management Wizard to the HUAWEI FusionCompute VRM. |
To deploy an SVM on a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM. |
8779 TCP |
From the SVM Management Wizard to a HUAWEI FusionCompute CNA hypervisor. |
To deploy an SVM on a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM. |
7443 TCP |
From the Integration Server to the HUAWEI FusionCompute VRM. |
For interaction between the Integration Server and a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM. |
Nutanix Acropolis platform |
||
9440 TCP |
From the SVM Management Wizard to Nutanix Prism Central. |
To deploy the SVMs on Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Central. |
9440 TCP |
From the SVM Management Wizard to Nutanix Prism Element. |
To deploy the SVMs on Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Element. |
9440 TCP |
From the Integration Server to Nutanix Prism Central. |
For interaction between the Integration Server and Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Central. |
9440 TCP |
From the Integration Server to Nutanix Prism Element. |
For interaction between the Integration Server and Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Element. |
OpenStack platform |
||
5000 TCP |
From the SVM Management Wizard to the Keystone microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
8774 TCP |
From the SVM Management Wizard to the Compute (Nova) microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
8776 TCP |
From the SVM Management Wizard to the Cinder microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
9292 TCP |
From the SVM Management Wizard to the Glance microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
9696 TCP |
From the SVM Management Wizard to the Neutron microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
5000 TCP |
From the Integration Server to the Keystone microservice. |
For the Integration Server’s interaction with the OpenStack platform. |
8774 TCP |
From the Integration Server to the Compute (Nova) microservice. |
For the Integration Server’s interaction with the OpenStack platform. |
VK Cloud platform |
||
5000 TCP |
From the SVM Management Wizard to the Keystone microservice. |
To deploy the SVM on a KVM hypervisor running on the VK Cloud platform. |
8774 TCP |
From the SVM Management Wizard to the Compute (Nova) microservice. |
To deploy the SVM on a KVM hypervisor running on the VK Cloud platform. |
8776 TCP |
From the SVM Management Wizard to the Cinder microservice. |
To deploy the SVM on a KVM hypervisor running on the VK Cloud platform. |
9292 TCP |
From the SVM Management Wizard to the Glance microservice. |
To deploy the SVM on a KVM hypervisor running on the VK Cloud platform. |
9696 TCP |
From the SVM Management Wizard to the Neutron microservice. |
To deploy the SVM on a KVM hypervisor running on the VK Cloud platform. |
5000 TCP |
From the Integration Server to the Keystone microservice. |
For interaction of the Integration Server with the VK Cloud platform. |
8774 TCP |
From the Integration Server to the Compute (Nova) microservice. |
For interaction of the Integration Server with the VK Cloud platform. |
TIONIX Cloud Platform |
||
5000 TCP |
From the SVM Management Wizard to the Keystone microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
8774 TCP |
From the SVM Management Wizard to the Compute (Nova) microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
8776 TCP |
From the SVM Management Wizard to the Cinder microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
9292 TCP |
From the SVM Management Wizard to the Glance microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
9696 TCP |
From the SVM Management Wizard to the Neutron microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
5000 TCP |
From the Integration Server to the Keystone microservice. |
For interaction of the Integration Server with TIONIX Cloud Platform. |
8774 TCP |
From the Integration Server to the Compute (Nova) microservice. |
For interaction of the Integration Server with TIONIX Cloud Platform. |
ALT Virtualization Server platform |
||
22 TCP |
From the SVM Management Wizard to a hypervisor. |
To deploy the SVM on a basic hypervisor of the ALT Virtualization Server platform. |
22 TCP |
From the Integration Server to a hypervisor. |
For the Integration Server to interact with a basic hypervisor of the ALT Virtualization Server platform. |
Astra Linux Platform |
||
22 TCP |
From the SVM Management Wizard to a hypervisor. |
To deploy the SVM on a KVM hypervisor running on the Astra Linux platform. |
22 TCP |
From the Integration Server to a hypervisor. |
For interaction between the Integration Server and a KVM hypervisor running on the Astra Linux platform. |
Numa vServer platform |
||
80 TCP 443 TCP |
From the SVM Management Wizard to the Numa vServer hypervisor. |
To deploy the SVM on a Numa vServer hypervisor. |
80 TCP 443 TCP |
From the Integration Server to the Numa vServer hypervisor. |
For interaction between the Integration Server and the Numa vServer hypervisor. |
If you use the XenServer Hypervisor or VMware ESXi hypervisor, and promiscuous mode is enabled on the network adapter of the guest operating system of the virtual machine, the guest operating system receives all Ethernet frames passing through the virtual switch, if this is allowed by the VLAN policy. This mode may be used to monitor and analyze traffic in the network segment that the SVM and protected virtual machines are operating in. If you have not configured a secure connection between the SVM and the protected virtual machines, traffic between the SVM and the protected virtual machines is not encrypted and is transmitted as plaintext. For security purposes, it is not recommended to use promiscuous mode in network segments that have a running SVM. If you need to use this mode (for example, for monitoring traffic using external virtual machines to detect attempts at unauthorized network access or to correct network failures), you need to configure the appropriate restrictions to protect traffic between the SVM and the protected virtual machines from unauthorized access.
Page top