For correct interaction between the administrator host and the target hosts, you must allow connections from the administrator host to the target hosts over the ports listed in the table below. These ports cannot be changed.
For interaction between the administrator host and the hosts that are used for the installation of the KUMA services and are located outside the Kubernetes cluster, you only need to allow access over TCP port 22.
Ports used for interaction between the administrator host and target hosts
| Port | Protocol | Direction | Source | Destination | Port purpose |
|---|---|---|---|---|---|
| 22 | TCP | Inbound | Administrator host | Target hosts | Providing the SSH connection from the administrator host to the target hosts. Providing the SSH connection from the administrator host to the hosts that are used for the installation of the external KUMA services. |
| 2379, 2380 | TCP | Inbound | Administrator host | Target host (primary node) | Connection to the Kubernetes storage (etcd). |
| 5995 | TCP | Inbound | Administrator host | Target host (primary node) | Connection to the Docker registry. |
| 6443 | TCP | Inbound | Administrator host | Target host (primary node) | Connection to the Kubernetes API. |
For the Kaspersky Next XDR Expert components to work properly, the target hosts must be located in the same broadcast domain.
The table below contains the ports that must be opened on the firewalls of all target hosts of the cluster. These ports cannot be changed.
If you use the firewalld or UFW firewall on your target hosts, KDT opens the required ports on the firewalls automatically. Otherwise, you can open the listed ports manually before you deploy Kaspersky Next XDR Expert.
Required ports used by the Kaspersky Next XDR Expert components
| Port | Protocol | Direction | Source | Destination | Port purpose |
|---|---|---|---|---|---|
| 80, 8080 | TCP (HTTP) | Inbound | Browser | Target hosts of the cluster | Receiving connections from the browser. Redirecting to the 443 TCP (HTTPS) port. |
| 443, 8443 | TCP (HTTPS) | Inbound | Browser | Target hosts of the cluster | Receiving connections from the browser. Receiving connections to the Administration Server over OpenAPI. Used to automate scenarios for working with the Administration Server. |
| 13000 | TCP | Inbound | Network Agent or secondary Administration Server | Target hosts of the cluster | Receiving connections from Network Agents and secondary Administration Servers. |
| 13000 | UDP | Inbound | Network Agent | Target hosts of the cluster | Receiving information from Network Agents about devices that were turned off. |
| 14000 | TCP | Inbound | Network Agent | Target hosts of the cluster | Receiving connections from Network Agents. |
| 17000 | TCP | Inbound | Managed devices | Target hosts of the cluster | Receiving connections for application activation from managed devices (except for mobile devices). |
| 19170 | TCP (HTTPS) | Outbound | Target hosts of the cluster | Managed devices | Remote access to managed devices by using OSMP Console. |
| 7210 | TCP | Inbound | KUMA target hosts | Target hosts of the cluster | Receiving the KUMA configuration from the KUMA Core server. |
| 7220 | TCP | Inbound | Browser | Target hosts of the cluster | Receiving connections from the browser. |
| 7222 | TCP | Inbound | Browser | Target hosts of the cluster | Reverse proxy in the CyberTrace system. |
| 7224 | TCP | Inbound | Browser | Target hosts of the cluster | Callbacks for Identity and Access Manager (IAM). |
The table below contains the ports that are not opened by default on the firewalls during the Kaspersky Next XDR Expert deployment. These ports cannot be changed.
If you need to perform actions listed in the Port purpose column of the table below, you can open the corresponding ports on the firewalls of all target hosts manually.
Optional ports on the firewall used by the Kaspersky Next XDR Expert components
| Port | Protocol | Direction | Source | Destination | Port purpose |
|---|---|---|---|---|---|
| 8060 | TCP | Outbound | Target hosts of the cluster | Managed devices | Transmitting published installation packages to managed devices. |
| 8061 | TCP | Outbound | Target hosts of the cluster | Managed devices | Transmitting published installation packages to managed devices. |
| 13111 | TCP | Inbound | Managed devices | Target hosts of the cluster | Receiving requests from managed devices to the KSN proxy server. |
| 15111 | UDP | Inbound | Managed devices | Target hosts of the cluster | Receiving requests from managed devices to the KSN proxy server. |
| 17111 | TCP | Inbound | Managed devices | Target hosts of the cluster | Receiving requests from managed devices to the KSN proxy server. |
| 5432 | TCP | Inbound | DBMS (PostgreSQL) | Target hosts of the cluster | Interaction with the DBMS (PostgreSQL). This port is used only if you perform the demonstration deployment and install the DBMS on the target host inside the Kubernetes cluster. |
The table below contains the ports that must be opened for functioning of the Kubernetes cluster and infrastructure components. These ports cannot be changed.
If you use the firewalld or UFW firewall on your target hosts, the KDT opens the required ports on the firewalls automatically. Otherwise, you can open the listed ports manually before you deploy Kaspersky Next XDR Expert.
Ports used by the Kubernetes cluster and infrastructure components
| Port | Protocol | Node |
|---|---|---|
| 80 | TCP | Primary node |
| 443 | TCP | Primary node |
| 10250 | TCP | Primary node |
| 9443 | TCP | Primary node |
| 6443 | TCP | Primary node |
| 8132 | TCP | Primary node |
| 5995 | TCP | Primary node |
| 80 | TCP | Worker node |
| 443 | TCP | Worker node |
| 179 | TCP | Worker node |
| 10250 | TCP | Worker node |
| 10255 | TCP | Worker node |
| 9443 | TCP | Worker node |
| 6443 | TCP | Worker node |
| 9500 | TCP | Worker node |
| 9501 | TCP | Worker node |
| 9502 | TCP | Worker node |
| 9503 | TCP | Worker node |
| 8500 | TCP | Worker node |
| 8501 | TCP | Worker node |
| 3260 | TCP | Worker node |
| 8000 | TCP | Worker node |
| 8002 | TCP | Worker node |
| 2049 | TCP | Worker node |
| 3370 | TCP | Worker node |
| 179 | UDP | Worker node |
| 51820 | UDP | Worker node |
| 51821 | UDP | Worker node |
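When neither firewalld nor UFW is present and KDT cannot open the ports itself, the required rules have to be applied by hand. The following script is an added example, not part of the Kaspersky documentation or of KDT: it prints (rather than runs) the `firewall-cmd` or `ufw` commands for the fixed inbound ports of the Kaspersky Next XDR Expert components and for the Kubernetes infrastructure ports of a primary or worker node, using the standard firewalld and UFW command syntax, so the rule set can be reviewed before it is applied.

```shell
#!/usr/bin/env bash
# Added example, not part of the Kaspersky documentation or of KDT.
# Emits (does not run) the firewalld or UFW commands that open the fixed
# inbound ports from the tables above, so the list can be reviewed before it
# is applied on a target host where KDT cannot open the ports itself.
set -eu

# Inbound ports of the Kaspersky Next XDR Expert components (required table).
COMPONENT_PORTS="80/tcp 8080/tcp 443/tcp 8443/tcp 13000/tcp 13000/udp \
14000/tcp 17000/tcp 7210/tcp 7220/tcp 7222/tcp 7224/tcp"
# Kubernetes cluster and infrastructure ports, by node role.
PRIMARY_PORTS="80/tcp 443/tcp 10250/tcp 9443/tcp 6443/tcp 8132/tcp 5995/tcp"
WORKER_PORTS="80/tcp 443/tcp 179/tcp 10250/tcp 10255/tcp 9443/tcp 6443/tcp \
9500/tcp 9501/tcp 9502/tcp 9503/tcp 8500/tcp 8501/tcp 3260/tcp 8000/tcp \
8002/tcp 2049/tcp 3370/tcp 179/udp 51820/udp 51821/udp"

# ports_for <components|primary|worker> -> space-separated port/proto list
ports_for() {
  case "$1" in
    components) printf '%s\n' "$COMPONENT_PORTS" ;;
    primary)    printf '%s\n' "$PRIMARY_PORTS" ;;
    worker)     printf '%s\n' "$WORKER_PORTS" ;;
    *) echo "unknown port set: $1" >&2; return 1 ;;
  esac
}

# firewall_cmds <port set> <firewalld|ufw> -> one shell command per line
firewall_cmds() {
  local set_name="$1" fw="$2" p
  for p in $(ports_for "$set_name"); do
    case "$fw" in
      firewalld) printf 'firewall-cmd --permanent --add-port=%s\n' "$p" ;;
      ufw)       printf 'ufw allow %s\n' "$p" ;;
      *) echo "unknown firewall: $fw" >&2; return 1 ;;
    esac
  done
  # --permanent rules only become active after a reload.
  if [ "$fw" = firewalld ]; then printf 'firewall-cmd --reload\n'; fi
}

# Example: review the worker-node rules, then run them with root privileges.
# firewall_cmds worker firewalld
```

Run the function for the `components` set on every target host and for `primary` or `worker` according to the node role; the outbound and optional ports from the other tables are intentionally not included.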
For the KUMA services that are not part of the Kubernetes cluster to work correctly, you must open the ports listed in the table below. The table shows the default port values. These ports are opened automatically during the KUMA installation.
Ports used for the interaction with the external KUMA services
| Port | Protocol | Direction | Source | Destination | Port purpose |
|---|---|---|---|---|---|
| 8123 | HTTPS | Inbound | Storage service | ClickHouse cluster node | Writing and receiving normalized events in the ClickHouse cluster. |
| 9009 | HTTPS | Inbound/Outbound | ClickHouse cluster replica | ClickHouse cluster replica | Internal communication between ClickHouse cluster replicas for transferring cluster data. |
| 2181 | TCP | Inbound | ClickHouse cluster nodes | ClickHouse Keeper replication coordination service | Receiving and writing of replication metadata by replicas of ClickHouse servers. |
| 2182 | TCP | Inbound/Outbound | ClickHouse Keeper replication coordination service | ClickHouse Keeper replication coordination service | Internal communication between replication coordination services to reach a quorum. |
| 8001 | TCP | Inbound | Victoria Metrics | ClickHouse server | Receiving ClickHouse server operation metrics. |
| 9000 | TCP | Inbound | ClickHouse client | ClickHouse cluster node | Writing and receiving data in the ClickHouse cluster. |
If you create an additional KUMA service (collector, correlator, or storage) on a server, you need to manually open the port that corresponds to the created service on that server. You can use port TCP 7221 or another port used for the service installation.
If the out-of-the-box example services are used, the following ports are opened automatically during the Kaspersky Next XDR Expert deployment: