Configuring network access

If you installed the application from an RPM or DEB package, to ensure correct operation of Kaspersky Web Traffic Security you must first configure the ports on servers that have the application installed and on corporate LAN routers used for relaying traffic. If you deployed the application from an ISO image, all the ports required for operation are already configured.

Information about the required network access based on the application functionality is presented in the table below.

Network access required for operation of the application

Functionality

Distribution kit

Protocol

Port

Direction

Connection destination

Managing the application through the web interface

RPM/DEB package, ISO image

TCP

443

Inbound

Application administrator's computer

Technical Support Mode

ISO image

TCP

22

Inbound

Application administrator's computer

Interaction between cluster nodes

RPM/DEB package, ISO image

TCP

9045 by default (can be changed in the application web interface)

Inbound and outbound

Other cluster nodes

Connecting to a ICAP server

RPM/DEB package, ISO image

TCP

1344 by default (can be changed in the application web interface)

Inbound

ICAP clients and load balancers

DNS requests

RPM/DEB package, ISO image

UDP

53

Outbound

DNS servers

Connection with an external proxy server

RPM/DEB package, ISO image

TCP

8080 by default (can be changed in the application web interface)

Outbound

External proxy server

Activating the application

RPM/DEB package, ISO image

TCP

443

Outbound

Kaspersky servers

Application database update

RPM/DEB package, ISO image

TCP

80, 443

Outbound

Kaspersky servers

KSN

RPM/DEB package, ISO image

TCP

443

Outbound

Kaspersky servers

KPSN

RPM/DEB package, ISO image

TCP

443

Outbound

KPSN server

Connecting to a LDAP server

RPM/DEB package, ISO image

TCP

389

Outbound

Active Directory servers

Kerberos authentication in Active Directory

RPM/DEB package, ISO image

UDP, TCP

88

Outbound

Active Directory servers

NTLM authentication using Single Sign-On technology

RPM/DEB package, ISO image

TCP

445

Outbound

Active Directory servers

Integration with KATA

RPM/DEB package, ISO image

TCP

443 by default (can be changed in the application web interface)

Outbound

KATA server

Operation of the snmpd service

RPM/DEB package, ISO image

TCP

705 by default (can be changed in the application web interface)

Outbound

SNMP server

SNMP statistics

ISO image

UDP, TCP

161

Inbound

External monitoring system

SNMP traps

ISO image

UDP, TCP

162

Outbound

External monitoring system

Internet access when using a built-in proxy server

ISO image

TCP

Any

Outbound

Internet, intranet

Connection of users to the built-in proxy server

ISO image

TCP

3128 by default (can be changed in the application web interface)

Inbound

Corporate LAN computers

NTLM authentication on the built-in proxy server

ISO image

TCP

389, 636

Outbound

Active Directory servers

Server time synchronization

ISO image

UDP

123

Outbound

NTP servers

Page top