Configuring the ports to use

To install and operate the solution components, in the settings of the network equipment or software used to control traffic between virtual machines, you need to open the ports described in the table below.

Ports used by solution components

Port and protocol

Direction

Purpose and description

All platforms

7271 TCP

From the SVM Management Wizard to the Integration Server.

For sending settings for connecting to the virtual infrastructure to the Integration Server.

7271 TCP

From the device, from which the requests are made to the Integration Server REST API, to the Integration Server.

For automating deployment and operation of the solution in multitenancy mode using the Integration Server REST API.

22 TCP

From the SVM Management Wizard to an SVM.

For SVM reconfiguration.

7271 TCP

From the SVM to Integration Server.

For interaction between the Protection Server and Integration Server.

7271 TCP

From the Light Agent to the Integration Server.

For interaction between Light Agent and Integration Server.

8000 UDP

From an SVM to the Light Agent.

For sending information about available SVMs to Light Agents using a list of SVM addresses.

8000 UDP

From Light Agent to SVM.

To provide Light Agent with information about the status of SVM.

11111 TCP

From Light Agent to SVM.

For transmitting service requests (for example, to obtain license information) from the Light Agent to the Protection Server when the connection is unprotected.

11112 TCP

From Light Agent to SVM.

For transmitting service requests (for example, to obtain license information) from the Light Agent to the Protection Server when the connection is protected.

9876 TCP

From Light Agent to SVM.

For forwarding file scan requests from the Light Agent to the Protection Server when the connection is unprotected.

9877 TCP

From Light Agent to SVM.

For transmitting file scan requests from the Light Agent to the Protection Server when the connection is protected.

80 TCP

From Light Agent to SVM.

For updating databases and application modules of the solution on the Light Agent.

15000 UDP

From Kaspersky Security Center to SVM.

For managing the Protection Server via Kaspersky Security Center.

13000 TCP

From SVM to Kaspersky Security Center.

For managing the Protection Server via Kaspersky Security Center when the connection is protected.

14000 TCP

From SVM to Kaspersky Security Center.

For managing the Protection Server via Kaspersky Security Center when the connection is unprotected.

15000 UDP

From Kaspersky Security Center to Light Agents.

For managing the Light Agent via Kaspersky Security Center.

13000 TCP

From Light Agent to Kaspersky Security Center.

For managing the Light Agent via Kaspersky Security Center when the connection is protected.

14000 TCP

From Light Agent to Kaspersky Security Center.

For managing Light Agent via Kaspersky Security Center when the connection is unprotected.

13111 TCP

From the SVM to the Kaspersky Security Center Administration Server.

For interaction between the Protection Server and KSN proxy server.

17000 TCP

From the SVM to the Kaspersky Security Center Administration Server.

For interaction between the Protection Server and Kaspersky activation servers.

VMware vSphere platform

80 TCP

443 TCP

From the SVM Management Wizard to VMware vCenter Server.

To deploy the SVM on a VMware ESXi hypervisor using a VMware vCenter Server.

443 TCP

From the SVM Management Wizard to an ESXi hypervisor.

To deploy the SVM on a VMware ESXi hypervisor using a VMware vCenter Server.

80 TCP

443 TCP

From the Integration Server to the VMware vCenter Server.

For interaction between the Integration Server and the VMware ESXi hypervisor using the VMware vCenter Server.

Microsoft Hyper-V platform

135 TCP/UDP

445 TCP/UDP

From the SVM Management Wizard to a Microsoft Windows Server (Hyper-V) hypervisor.

To deploy an SVM on a Microsoft Windows Server (Hyper-V) hypervisor.

135 TCP/UDP

445 TCP/UDP

5985 TCP

5986 TCP

From the Integration Server to the Microsoft Windows Server (Hyper-V) hypervisor.

For interaction between the Integration Server and the Microsoft Windows Server (Hyper-V) hypervisor.

XenServer platform

80 TCP

443 TCP

From the SVM Management Wizard to the XenServer hypervisor.

To deploy the SVM on a XenServer hypervisor.

80 TCP

443 TCP

From the Integration Server to the XenServer hypervisor.

For interaction between the Integration Server and the XenServer hypervisor.

KVM platform

22 TCP

From the SVM Management Wizard to a KVM hypervisor.

To deploy the SVM on a KVM hypervisor.

22 TCP

From the Integration Server to the KVM hypervisor.

For interaction between the Integration Server and the KVM hypervisor.

Proxmox VE platform

22 TCP

8006 TCP

From the SVM Management Wizard to a Proxmox VE hypervisor.

To deploy the SVM on a Proxmox VE hypervisor.

8006 TCP

From the Integration Server to the Proxmox VE hypervisor.

For interaction between the Integration Server and the Proxmox VE hypervisor.

Basis (Skala-R) platform

443 TCP

From the SVM Management Wizard to Basis.vControl (Skala-R Management).

To deploy an SVM on the R-Virtualization hypervisor using Basis.vControl (Skala-R Management).

22 TCP

From the SVM Management Wizard to an R-Virtualization hypervisor.

To deploy an SVM on the R-Virtualization hypervisor using Basis.vControl (Skala-R Management).

22 TCP

From the SVM Management Wizard to Basis.vControl (Skala-R Management).

To deploy an SVM on the R-Virtualization hypervisor using Basis.vControl (Skala-R Management).

443 TCP

From the Integration Server to Basis.vControl (Skala-R Management).

For the interaction of the Integration Server with the R-Virtualization hypervisor using Basis.vControl (Skala-R Management).

HUAWEI FusionSphere platform

7443 TCP

From the SVM Management Wizard to the HUAWEI FusionCompute VRM.

To deploy an SVM on a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM.

8779 TCP

From the SVM Management Wizard to a HUAWEI FusionCompute CNA hypervisor.

To deploy an SVM on a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM.

7443 TCP

From the Integration Server to the HUAWEI FusionCompute VRM.

For interaction between the Integration Server and a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM.

Nutanix Acropolis platform

9440 TCP

From the SVM Management Wizard to Nutanix Prism Central.

To deploy the SVMs on Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Central.

9440 TCP

From the SVM Management Wizard to Nutanix Prism Element.

To deploy the SVMs on Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Element.

9440 TCP

From the Integration Server to Nutanix Prism Central.

For interaction between the Integration Server and Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Central.

9440 TCP

From the Integration Server to Nutanix Prism Element.

For interaction between the Integration Server and Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Element.

OpenStack platform

5000 TCP

From the SVM Management Wizard to the Keystone microservice.

To deploy the SVM on a KVM hypervisor running on the OpenStack platform.

8774 TCP

From the SVM Management Wizard to the Compute (Nova) microservice.

To deploy the SVM on a KVM hypervisor running on the OpenStack platform.

8776 TCP

From the SVM Management Wizard to the Cinder microservice.

To deploy the SVM on a KVM hypervisor running on the OpenStack platform.

9292 TCP

From the SVM Management Wizard to the Glance microservice.

To deploy the SVM on a KVM hypervisor running on the OpenStack platform.

9696 TCP

From the SVM Management Wizard to the Neutron microservice.

To deploy the SVM on a KVM hypervisor running on the OpenStack platform.

5000 TCP

From the Integration Server to the Keystone microservice.

For the Integration Server’s interaction with the OpenStack platform.

8774 TCP

From the Integration Server to the Compute (Nova) microservice.

For the Integration Server’s interaction with the OpenStack platform.

VK Cloud platform

5000 TCP

From the SVM Management Wizard to the Keystone microservice.

To deploy the SVM on a KVM hypervisor running on the VK Cloud platform.

8774 TCP

From the SVM Management Wizard to the Compute (Nova) microservice.

To deploy the SVM on a KVM hypervisor running on the VK Cloud platform.

8776 TCP

From the SVM Management Wizard to the Cinder microservice.

To deploy the SVM on a KVM hypervisor running on the VK Cloud platform.

9292 TCP

From the SVM Management Wizard to the Glance microservice.

To deploy the SVM on a KVM hypervisor running on the VK Cloud platform.

9696 TCP

From the SVM Management Wizard to the Neutron microservice.

To deploy the SVM on a KVM hypervisor running on the VK Cloud platform.

5000 TCP

From the Integration Server to the Keystone microservice.

For interaction of the Integration Server with the VK Cloud platform.

8774 TCP

From the Integration Server to the Compute (Nova) microservice.

For interaction of the Integration Server with the VK Cloud platform.

TIONIX Cloud Platform

5000 TCP

From the SVM Management Wizard to the Keystone microservice.

To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform.

8774 TCP

From the SVM Management Wizard to the Compute (Nova) microservice.

To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform.

8776 TCP

From the SVM Management Wizard to the Cinder microservice.

To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform.

9292 TCP

From the SVM Management Wizard to the Glance microservice.

To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform.

9696 TCP

From the SVM Management Wizard to the Neutron microservice.

To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform.

5000 TCP

From the Integration Server to the Keystone microservice.

For interaction of the Integration Server with TIONIX Cloud Platform.

8774 TCP

From the Integration Server to the Compute (Nova) microservice.

For interaction of the Integration Server with TIONIX Cloud Platform.

ALT Virtualization Server platform

22 TCP

From the SVM Management Wizard to a hypervisor.

To deploy the SVM on a basic hypervisor of the ALT Virtualization Server platform.

22 TCP

From the Integration Server to a hypervisor.

For the Integration Server to interact with a basic hypervisor of the ALT Virtualization Server platform.

Astra Linux Platform

22 TCP

From the SVM Management Wizard to a hypervisor.

To deploy the SVM on a KVM hypervisor running on the Astra Linux platform.

22 TCP

From the Integration Server to a hypervisor.

For interaction between the Integration Server and a KVM hypervisor running on the Astra Linux platform.

Numa vServer platform

80 TCP

443 TCP

From the SVM Management Wizard to the Numa vServer hypervisor.

To deploy the SVM on a Numa vServer hypervisor.

80 TCP

443 TCP

From the Integration Server to the Numa vServer hypervisor.

For interaction between the Integration Server and the Numa vServer hypervisor.

If you use the XenServer Hypervisor or VMware ESXi hypervisor, and promiscuous mode is enabled on the network adapter of the guest operating system of the virtual machine, the guest operating system receives all Ethernet frames passing through the virtual switch, if this is allowed by the VLAN policy. This mode may be used to monitor and analyze traffic in the network segment that the SVM and protected virtual machines are operating in. If you have not configured a secure connection between the SVM and the protected virtual machines, traffic between the SVM and the protected virtual machines is not encrypted and is transmitted as plaintext. For security purposes, it is not recommended to use promiscuous mode in network segments that have a running SVM. If you need to use this mode (for example, for monitoring traffic using external virtual machines to detect attempts at unauthorized network access or to correct network failures), you need to configure the appropriate restrictions to protect traffic between the SVM and the protected virtual machines from unauthorized access.

Page top