Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

Installing and performing initial configuration of the application

Preparing for installing application components

Preparing the IT infrastructure for installing application components

Kaspersky Anti Targeted Attack (KATA) Platform
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Forum Contact support Recovery tools

Preparing the IT infrastructure for installing application components

November 8, 2023

ID 247859

Before installing the application, prepare your corporate IT infrastructure for the installation of components of Kaspersky Anti Targeted Attack Platform:

  1. Ensure that the servers, the computer intended for working with the application web interface, and the computers to be installed with the Endpoint Agent component all satisfy the hardware and software requirements.
  2. Perform the following preliminary preparations of the corporate IT infrastructure for installation of the Sandbox component:
    1. For both network interfaces, block access of the server hosting the Sandbox component to the corporate LAN in order to keep the network safe from the objects being analyzed.
    2. For the first network interface, allow Internet access for the server hosting the Sandbox component for the purpose of analysis of the behavior of objects.
    3. For the second network interface, allow inbound connections to the following ports for the server hosting the Sandbox component:
      • TCP 22 for connection to the server over the SSH protocol.
      • TCP 443 for receiving objects to scan from the Central Node component.
      • TCP 8443 for using the application web interface.
  3. Perform the following preliminary preparations of the corporate IT infrastructure for installation of the Central Node component:
    1. Allow inbound connections to the server hosting the Central Node component on the following ports:
      • TCP 22 for connection to the server via SSH.
      • TCP 443 for receiving data from computers with the Endpoint Agent component.
      • TCP 8443 for viewing scan results in the application web interface.
      • UDP 53 for communication with the server with the Sensor component.
    2. Allow outbound connections to the following ports for the server hosting the Central Node component:
      • TCP 80, 443 and 1443 for communication with servers of the KSN service and Kaspersky update servers.
      • TCP 443 for sending objects to the Sandbox component so that they can be scanned.
      • TCP 601 for sending messages to a SIEM system.
      • UDP 53 for communication with the server with the Sensor component.
  4. Perform the following preliminary preparations of the corporate IT infrastructure for installation of the Sensor component:
    1. For the network interface used for integration with a proxy server and mail server, allow inbound connections to the following ports for the server hosting the Sensor component:
      • TCP 22 for connection to the server via SSH.
      • TCP 1344 for receiving traffic from a proxy server.
      • TCP 25 for receiving SMTP traffic from a mail server.
      • TCP 443 when forwarding traffic from computers with the Endpoint Agent component to the server with the Central Node component.
      • UDP 53 for communication with the server with the Central Node component.
    2. Allow outbound connections to the following ports for the server hosting the Sensor component:
      • TCP 80 and 443 for communication with servers of the KSN service and Kaspersky update servers.
      • TCP 995 (or TCP 110 for unprotected connections) for integration with a mail server.
      • UDP 53 for communication with the server with the Central Node component.

      If you install an additional network interface that receives only mirrored traffic in a VMware ESXi virtual environment, use the E1000 network adapter or disable the LRO (large receive offload) option on a VMXNET3 network adapter.

  5. On network equipment, allow an encrypted communication channel between servers that have the Central Node and Sensor components.

    The connection between servers that have the Central Node and Sensor components is established within the encrypted communication channel based on IPSec using the ESP, AH, IKEv1, and IKEv2 protocols.

  6. If you are using the distributed solution and multitenancy mode, prepare the corporate IT infrastructure for installation of the Central Node components as follows:
    1. Allow inbound connection to port 8443 for the server with the PCN role.
    2. On your network equipment, allow establishing an encrypted communication channel between the PCN and SCN servers.

      The connection between servers that have the PCN and SCN role is established within the encrypted communication channel based on IPSec using the ESP protocol.

If needed, you can designate other ports for the application components to use in the administrator menu of the server with the Central Node component. If you change the ports in the administrator menu, you need to allow connections to these ports in your corporate IT infrastructure.

See also

Preparing the IT infrastructure for integration with a mail server used for receiving messages via POP3

Preparing the IT infrastructure for integration with a mail server used for receiving messages via SMTP

Preparing the virtual machine for installing the Sandbox component

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.