Preparing the IT infrastructure for installing application components

Before installing the application, prepare your corporate IT infrastructure for the installation of components of Kaspersky Anti Targeted Attack Platform:

  1. Ensure that the servers, the computer intended for working with the application web interface, and the computers on which the Endpoint Agent component will be installed all satisfy the hardware and software requirements.
  2. To protect the network from the objects being analyzed, on the Sandbox server deny access to the local network for the management network interface and for the network interface used for internet access of processed objects.
  3. Prepare the corporate IT infrastructure in accordance with the table below:

    Ports for interaction between Kaspersky Anti Targeted Attack Platform components

    | Source | Direction | Port or protocol | Description |
    |---|---|---|---|
    | Central Node | Inbound | TCP 22 | Connecting to the server over SSH |
    | Central Node | Inbound | TCP 443 | Receiving data from workstations with Endpoint Agent |
    | Central Node | Inbound | TCP 8443 | Access to the web interface of the application |
    | Central Node | Inbound | TCP 9081 | Receiving data from Sensors installed on standalone servers |
    | Central Node | Inbound | UDP 53 | Communication with the Sensor server |
    | Central Node | Outgoing | TCP 80, TCP 443, TCP 1443 | Communication with the KSN servers and Kaspersky update servers |
    | Central Node | Outgoing | TCP 443 | Sending objects to Sandbox for scanning |
    | Central Node | Outgoing | TCP 601 | Sending messages to the SIEM system |
    | Central Node | Outgoing | UDP 53 | Communication with the Sensor server |
    | Sensor | Inbound | TCP 22 | Connecting to the server over SSH |
    | Sensor | Inbound | TCP 1344 | Receiving traffic from the proxy server |
    | Sensor | Inbound | TCP 25 | Receiving SMTP traffic from the mail server |
    | Sensor | Inbound | TCP 443 | When Sensor is used as a proxy server for communication between workstations with Endpoint Agent and Central Node |
    | Sensor | Inbound | UDP 53 | Communication with the Central Node server |
    | Sensor | Outgoing | TCP 80, TCP 443 | Communication with the KSN servers and Kaspersky update servers |
    | Sensor | Outgoing | TCP 995 | Integration with the mail server for secure connections |
    | Sensor | Outgoing | TCP 110 | Integration with the mail server for unsecured connections |
    | Sensor | Outgoing | UDP 53 | Communication with the Central Node server |
    | Sandbox | Inbound (management interface) | TCP 22 | Connecting to the server over SSH |
    | Sandbox | Inbound (management interface) | TCP 443 | Interaction with the Central Node |
    | Sandbox | Inbound (management interface) | TCP 8443 | Access to the web interface of the application |
    | Sandbox | Outbound (management interface) | TCP 80, TCP 443 | Communication with Kaspersky update servers |
    | Sandbox | Outbound (interface for internet access of processed objects) | Any | Access to the internet for analyzing the network behavior of processed objects |
    | SCN (when using the distributed solution mode) | Outgoing | TCP 8443 | For interaction between SCN and PCN over a secure link based on the IPSec protocol |
    | SCN (when using the distributed solution mode) | Inbound and outbound | TCP 443, UDP 53, ESP, AH, IKEv1 and IKEv2 | |
    | PCN (when using the distributed solution mode) | Inbound | TCP 8443 | |
    | PCN (when using the distributed solution mode) | Inbound and outbound | TCP 443, UDP 53, ESP, AH, IKEv1 and IKEv2 | |

If you install an additional network interface that receives only mirrored traffic in a VMware ESXi™ virtual environment, use the E1000 network adapter or disable the LRO (large receive offload) option on a VMXNET3 network adapter.
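
One way to check that step 2 and the Sandbox rows of the port table actually hold is to audit exported firewall or flow logs against them. The script below is an added example, not Kaspersky code; the IP addresses, the local network ranges, and the flow-record layout are assumptions to replace with your own.

```python
import ipaddress

# Assumed addresses for illustration; none of them come from the page.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SANDBOX_MGMT = ipaddress.ip_address("10.10.5.20")  # management interface
SANDBOX_INET = ipaddress.ip_address("10.99.0.20")  # internet access of processed objects
# Sandbox rows of the port table, management interface.
MGMT_INBOUND_TCP = {22, 443, 8443}
MGMT_OUTBOUND = {("tcp", 80), ("tcp", 443)}

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def check_flow(src, dst, proto, dport):
    """Return a violation reason for one flow, or None if it is permitted.
    A flow is recorded from the side that initiated the connection."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in (SANDBOX_MGMT, SANDBOX_INET):
        if is_local(dst):  # step 2: no Sandbox-initiated access to the LAN
            return "Sandbox interface reached the local network"
        if src == SANDBOX_MGMT and (proto, dport) not in MGMT_OUTBOUND:
            return "management interface used a port outside TCP 80/443"
        return None        # processed-objects interface: any port to the internet
    if dst == SANDBOX_INET:
        return "inbound connection to the processed-objects interface"
    if dst == SANDBOX_MGMT and (proto != "tcp" or dport not in MGMT_INBOUND_TCP):
        return "inbound port not listed for the management interface"
    return None

def audit(flows):
    """Return (flow, reason) pairs for every flow that breaks the matrix."""
    return [(f, r) for f in flows if (r := check_flow(*f))]

# Constructed sample flows: (source, destination, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.10.5.10", "10.10.5.20", "tcp", 443),     # Central Node -> Sandbox
    ("10.10.1.50", "10.10.5.20", "tcp", 8443),    # admin -> web interface
    ("10.10.5.20", "203.0.113.7", "tcp", 443),    # management -> update server
    ("10.99.0.20", "198.51.100.9", "tcp", 4444),  # processed object -> internet
    ("10.99.0.20", "10.10.1.50", "tcp", 445),     # processed object -> LAN
    ("10.10.1.50", "10.10.5.20", "tcp", 3389),    # unlisted inbound port
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```
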

See also

Preparing the IT infrastructure for integration with a mail server used for receiving messages via POP3

Preparing the IT infrastructure for integration with a mail server used for receiving messages via SMTP

Preparing the virtual machine for installing the Sandbox component

Preparing an installation disk image with the Central Node, Sensor, and Sandbox components
