To install and operate the solution components, in the settings of the network equipment or software used to control traffic between devices in your infrastructure, you need to open the ports described in the table below.
Ports used by solution components
|
Port and protocol |
Direction |
Purpose and description |
|---|---|---|
|
All platforms |
||
|
7271 TCP |
From the SVM Management Wizard to the Integration Server. |
For sending settings for connecting to the virtual infrastructure to the Integration Server. |
|
7271 TCP |
From the device, from which the requests are made to the Integration Server REST API, to the Integration Server. |
For automating deployment and operation of the solution in multitenancy mode using the Integration Server REST API. |
|
22 TCP |
From the SVM Management Wizard to an SVM. |
For SVM reconfiguration. |
|
22 TCP |
From the Integration Server to the SVM. |
For SVM reconfiguration. |
|
7271 TCP |
From the SVM to Integration Server. |
For interaction between the Protection Server and Integration Server. |
|
7271 TCP |
From the Light Agent to the Integration Server. |
For interaction between Light Agent and Integration Server. |
|
8000 UDP |
From an SVM to the Light Agent. |
For sending information about available SVMs to Light Agents using a list of SVM addresses. |
|
8000 UDP |
From Light Agent to SVM. |
To provide Light Agent with information about the status of SVM. |
|
11111 TCP |
From Light Agent to SVM. |
For transmitting service requests (for example, to obtain license information) from the Light Agent to the Protection Server when the connection is unprotected. |
|
11112 TCP |
From Light Agent to SVM. |
For transmitting service requests (for example, to obtain license information) from the Light Agent to the Protection Server when the connection is protected. |
|
9876 TCP |
From Light Agent to SVM. |
For forwarding file scan requests from the Light Agent to the Protection Server when the connection is unprotected. |
|
9877 TCP |
From Light Agent to SVM. |
For transmitting file scan requests from the Light Agent to the Protection Server when the connection is protected. |
|
80 TCP |
From Light Agent to SVM. |
For updating databases and application modules of the solution on the Light Agent. |
|
15000 UDP |
From Kaspersky Security Center to SVM. |
For managing the Protection Server via Kaspersky Security Center. |
|
13000 TCP |
From SVM to Kaspersky Security Center. |
For managing the Protection Server via Kaspersky Security Center when the connection is protected. |
|
14000 TCP |
From SVM to Kaspersky Security Center. |
For managing the Protection Server via Kaspersky Security Center when the connection is unprotected. |
|
15000 UDP |
From Kaspersky Security Center to the Integration Server. |
For managing the Integration Server via Kaspersky Security Center. |
|
13000 TCP |
From the Integration Server to Kaspersky Security Center. |
For managing the Integration Server via Kaspersky Security Center when the connection is protected. |
|
14000 TCP |
From the Integration Server to Kaspersky Security Center. |
For managing the Integration Server via Kaspersky Security Center when the connection is unprotected. |
|
15000 UDP |
From Kaspersky Security Center to Light Agents. |
For managing the Light Agent via Kaspersky Security Center. |
|
13000 TCP |
From Light Agent to Kaspersky Security Center. |
For managing the Light Agent via Kaspersky Security Center when the connection is protected. |
|
14000 TCP |
From Light Agent to Kaspersky Security Center. |
For managing Light Agent via Kaspersky Security Center when the connection is unprotected. |
|
13111 TCP |
From the SVM to the Kaspersky Security Center Administration Server. |
For interaction between the Protection Server and KSN proxy server. |
|
17000 TCP |
From the SVM to the Kaspersky Security Center Administration Server. |
For interaction between the Protection Server and Kaspersky activation servers. |
|
123 UDP |
From the SVM to NTP servers obtained via DHCP or specified manually. |
Synchronizing time on the SVM with a time server. |
|
161 UDP |
From the network management system to SVM. |
Getting SVM status information via SNMP. |
|
VMware vSphere platform |
||
|
80 TCP 443 TCP |
From the SVM Management Wizard to VMware vCenter Server. |
For SVM deployment on the VMware ESXi hypervisor. |
|
443 TCP |
From the SVM Management Wizard to an ESXi hypervisor. |
For SVM deployment on the VMware ESXi hypervisor. |
|
80 TCP 443 TCP |
From the Integration Server to the VMware vCenter Server. |
For SVM deployment on the VMware ESXi hypervisor. For interaction between the Integration Server and the VMware ESXi hypervisor. |
|
443 TCP |
From the Integration Server to the ESXi hypervisor. |
For SVM deployment on the VMware ESXi hypervisor. |
|
Microsoft Hyper-V platform |
||
|
135 TCP/UDP 445 TCP/UDP |
From the SVM Management Wizard to a Microsoft Windows Server (Hyper-V) hypervisor. |
To deploy an SVM on a Microsoft Windows Server (Hyper-V) hypervisor. |
|
135 TCP/UDP 445 TCP/UDP 5985 TCP 5986 TCP |
From the Integration Server to the Microsoft Windows Server (Hyper-V) hypervisor. |
To deploy an SVM on a Microsoft Windows Server (Hyper-V) hypervisor. For interaction between the Integration Server and the Microsoft Windows Server (Hyper-V) hypervisor. |
|
XenServer platform |
||
|
80 TCP 443 TCP |
From the SVM Management Wizard to the XenServer hypervisor. |
To deploy the SVM on a XenServer hypervisor. |
|
80 TCP 443 TCP |
From the Integration Server to the XenServer hypervisor. |
To deploy the SVM on a XenServer hypervisor. For interaction between the Integration Server and the XenServer hypervisor. |
|
KVM platform |
||
|
22 TCP |
From the SVM Management Wizard to a KVM hypervisor. |
To deploy the SVM on a KVM hypervisor. |
|
22 TCP |
From the Integration Server to the KVM hypervisor. |
To deploy the SVM on a KVM hypervisor. For interaction between the Integration Server and the KVM hypervisor. |
|
Proxmox VE platform |
||
|
22 TCP 8006 TCP |
From the SVM Management Wizard to a Proxmox VE hypervisor. |
To deploy the SVM on a Proxmox VE hypervisor. |
|
22 TCP 8006 TCP |
From the Integration Server to the Proxmox VE hypervisor. |
To deploy the SVM on a Proxmox VE hypervisor. For interaction between the Integration Server and the Proxmox VE hypervisor. |
|
Basis platform |
||
|
22 TCP 443 TCP |
From the SVM Management Wizard to Basis.vControl. |
For SVM deployment on the R-Virtualization hypervisor. |
|
22 TCP |
From the SVM Management Wizard to an R-Virtualization hypervisor. |
For SVM deployment on the R-Virtualization hypervisor. |
|
22 TCP 443 TCP |
From the Integration Server to Basis.vControl. |
For SVM deployment on the R-Virtualization hypervisor. For interaction between the Integration Server and the R-Virtualization hypervisor. |
|
22 TCP |
From the Integration Server to the R-Virtualization hypervisor. |
For SVM deployment on the R-Virtualization hypervisor. |
|
Skala-R platform |
||
|
22 TCP 443 TCP |
From the SVM Management Wizard to Skala-R Management. |
For SVM deployment on the R-Virtualization hypervisor. |
|
22 TCP |
From the SVM Management Wizard to an R-Virtualization hypervisor. |
For SVM deployment on the R-Virtualization hypervisor. |
|
22 TCP 443 TCP |
From the Integration Server to Skala-R Management. |
For SVM deployment on the R-Virtualization hypervisor. For interaction between the Integration Server and the R-Virtualization hypervisor. |
|
443 TCP |
From the Integration Server to the R-Virtualization hypervisor. |
For SVM deployment on the R-Virtualization hypervisor. |
|
HUAWEI FusionSphere platform |
||
|
7443 TCP |
From the SVM Management Wizard to the HUAWEI FusionCompute VRM. |
For SVM deployment on the HUAWEI FusionCompute CNA hypervisor. |
|
8779 TCP |
From the SVM Management Wizard to a HUAWEI FusionCompute CNA hypervisor. |
For SVM deployment on the HUAWEI FusionCompute CNA hypervisor. |
|
7443 TCP |
From the Integration Server to the HUAWEI FusionCompute VRM. |
For the interaction between the Integration Server and the HUAWEI FusionCompute CNA hypervisor. |
|
8779 TCP |
From the Integration Server to the HUAWEI FusionCompute CNA hypervisor. |
For SVM deployment on the HUAWEI FusionCompute CNA hypervisor. |
|
Nutanix Acropolis platform |
||
|
9440 TCP |
From the SVM Management Wizard to Nutanix Prism Central. |
To deploy the SVMs on Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Central. |
|
9440 TCP |
From the SVM Management Wizard to Nutanix Prism Element. |
To deploy the SVMs on Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Element. |
|
OpenStack platform |
||
|
5000 TCP |
From the SVM Management Wizard to the Keystone microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
|
8774 TCP |
From the SVM Management Wizard to the Compute (Nova) microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
|
8776 TCP |
From the SVM Management Wizard to the Cinder microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
|
9292 TCP |
From the SVM Management Wizard to the Glance microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
|
9696 TCP |
From the SVM Management Wizard to the Neutron microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
|
5000 TCP |
From the Integration Server to the Keystone microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. For the Integration Server’s interaction with the OpenStack platform. |
|
8774 TCP |
From the Integration Server to the Compute (Nova) microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. For the Integration Server’s interaction with the OpenStack platform. |
|
8776 TCP |
From the Integration Server to the Cinder microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
|
9292 TCP |
From the Integration Server to the Glance microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
|
9696 TCP |
From the Integration Server to the Neutron microservice. |
To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
|
VK Private Cloud platform |
||
|
5000 TCP |
From the SVM Management Wizard to the Keystone microservice. |
To deploy the SVM on a KVM hypervisor running on VK Private Cloud. |
|
8774 TCP |
From the SVM Management Wizard to the Compute (Nova) microservice. |
To deploy the SVM on a KVM hypervisor running on VK Private Cloud. |
|
8776 TCP |
From the SVM Management Wizard to the Cinder microservice. |
To deploy the SVM on a KVM hypervisor running on VK Private Cloud. |
|
9292 TCP |
From the SVM Management Wizard to the Glance microservice. |
To deploy the SVM on a KVM hypervisor running on VK Private Cloud. |
|
9696 TCP |
From the SVM Management Wizard to the Neutron microservice. |
To deploy the SVM on a KVM hypervisor running on VK Private Cloud. |
|
5000 TCP |
From the Integration Server to the Keystone microservice. |
To deploy the SVM on a KVM hypervisor running on VK Private Cloud. For interaction of the Integration Server with VK Private Cloud. |
|
8774 TCP |
From the Integration Server to the Compute (Nova) microservice. |
To deploy the SVM on a KVM hypervisor running on VK Private Cloud. For interaction of the Integration Server with VK Private Cloud. |
|
8776 TCP |
From the Integration Server to the Cinder microservice. |
To deploy the SVM on a KVM hypervisor running on VK Private Cloud. |
|
9292 TCP |
From the Integration Server to the Glance microservice. |
To deploy the SVM on a KVM hypervisor running on VK Private Cloud. |
|
9696 TCP |
From the Integration Server to the Neutron microservice. |
To deploy the SVM on a KVM hypervisor running on VK Private Cloud. |
|
TIONIX Cloud Platform |
||
|
5000 TCP |
From the SVM Management Wizard to the Keystone microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
|
8774 TCP |
From the SVM Management Wizard to the Compute (Nova) microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
|
8776 TCP |
From the SVM Management Wizard to the Cinder microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
|
9292 TCP |
From the SVM Management Wizard to the Glance microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
|
9696 TCP |
From the SVM Management Wizard to the Neutron microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
|
5000 TCP |
From the Integration Server to the Keystone microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. For interaction of the Integration Server with TIONIX Cloud Platform. |
|
8774 TCP |
From the Integration Server to the Compute (Nova) microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. For interaction of the Integration Server with TIONIX Cloud Platform. |
|
8776 TCP |
From the Integration Server to the Cinder microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
|
9292 TCP |
From the Integration Server to the Glance microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
|
9696 TCP |
From the Integration Server to the Neutron microservice. |
To deploy the SVM on a KVM hypervisor running on TIONIX Cloud Platform. |
|
ALT Virtualization Server platform |
||
|
22 TCP |
From the SVM Management Wizard to a hypervisor. |
To deploy the SVM on a basic hypervisor of the ALT Virtualization Server platform. |
|
22 TCP |
From the Integration Server to a hypervisor. |
To deploy the SVM on a basic hypervisor of the ALT Virtualization Server platform. For the Integration Server to interact with a basic hypervisor of the ALT Virtualization Server platform. |
|
Astra Linux Platform |
||
|
22 TCP |
From the SVM Management Wizard to a hypervisor. |
To deploy the SVM on a KVM hypervisor running on the Astra Linux platform. |
|
22 TCP |
From the Integration Server to a hypervisor. |
To deploy the SVM on a KVM hypervisor running on the Astra Linux platform. For interaction between the Integration Server and a KVM hypervisor running on the Astra Linux platform. |
|
Numa vServer platform |
||
|
80 TCP 443 TCP |
From the SVM Management Wizard to the Numa vServer hypervisor. |
To deploy the SVM on a Numa vServer hypervisor. |
|
80 TCP 443 TCP |
From the Integration Server to the Numa vServer hypervisor. |
To deploy the SVM on a Numa vServer hypervisor. For interaction between the Integration Server and the Numa vServer hypervisor. |
|
Basis Dynamix Standard platform |
||
|
22 TCP 443 TCP |
From the SVM Management Wizard to Basis.vControl. |
For SVM deployment on a Basis.vCore hypervisor. |
|
22 TCP |
From the SVM Management Wizard to the Basis.vCore hypervisor. |
For SVM deployment on a Basis.vCore hypervisor. |
|
22 TCP 443 TCP |
From the Integration Server to Basis.vControl. |
For SVM deployment on a Basis.vCore hypervisor. For interaction between the Integration Server and the Basis.vCore hypervisor. |
|
22 TCP |
From the Integration Server to the Basis.vCore hypervisor. |
For SVM deployment on a Basis.vCore hypervisor. |
If you use the XenServer Hypervisor or VMware ESXi hypervisor, and promiscuous mode is enabled on the network adapter of the guest operating system of the virtual machine, the guest operating system receives all Ethernet frames passing through the virtual switch, if this is allowed by the VLAN policy. This mode may be used to monitor and analyze traffic in the network segment that the SVM and protected virtual machines are operating in. If you have not configured a secure connection between the SVM and the protected virtual machines, traffic between the SVM and the protected virtual machines is not encrypted and is transmitted as plaintext. For security purposes, it is not recommended to use promiscuous mode in network segments that have a running SVM. If you need to use this mode (for example, for monitoring traffic using external virtual machines to detect attempts at unauthorized network access or to correct network failures), you need to configure the appropriate restrictions to protect traffic between the SVM and the protected virtual machines from unauthorized access.
Page top