Ports used on computers with Kaspersky Anti Targeted Attack Platform components

The described rules apply to all types of hosts, regardless of configuration. The rules are applied via the kata-firewall systemd service, only for the INPUT and DOCKER-USER chains.

INPUT chain

This chain manages all connections to computers with Kaspersky Anti Targeted Attack Platform components.

Networking rules are listed in the table below.

Networking rules for the INPUT chain

Destination service or protocol	Port	Protocol
SSH	22	TCP
SMTP	25	TCP
DNS	53	TCP
HTTP	80	TCP
SNMPD	161	UDP
HTTPS	443	TCP
preprocessor_icap	1334	TCP
docker swarm	2377	TCP
etcd	2379	TCP
etcd	2380	TCP
ceph_mon	3300	TCP
VXLAN	4789	TCP/UDP
ceph_mon	6789	TCP
сeph OSD	6800:6900	TCP
docker swarm	7946	TCP/UDP
ipsec_manager	8084	TCP
pcap_manager	8085	TCP
HTTPS	8443	TCP/UDP
HTTPS	8444	TCP/UDP
suricata_metrics_exporter	9103	TCP
node_exporter	9141	TCP
cadvisor	9142	TCP
preprocessor_metrics_exporter	9191	TCP
pcap_manager_metrics_exporter	9192	TCP
ceph_mgr	9283	TCP
ceph_rgw	9284	TCP
NDR sensor	9443	TCP
kafka bootstrap	11000:11006	TCP

DOCKER-USER chain

This chain manages network connections for addressing of application components. Networking rules are listed in the table below.

Networking rules for the DOCKER-USER chain

Destination service or protocol	Port	Protocol
SMTP	25	TCP
DNS	53	TCP/UDP
HTTP	80	TCP
HTTPS	443	TCP
preprocessor_icap	1344	UDP
NDR NATS (KICKS NAT)	7423	TCP
NDR public API	8070	TCP
deployment API	8080	TCP
deployment management API	8090	TCP
authorization service	8091	TCP
HTTPS	8443	TCP
apt collector ssl	9081	TCP
Sensor	9443	TCP
NDR EKA	13520	TCP

Page top