Configuring ports used by the application
January 10, 2024
ID 133882
To install and run application components, in the network hardware or software settings used to control network traffic between virtual machines, you must open the following ports as described in the table below.
Ports used by the application
Port and protocol | Direction | Purpose and description |
|---|---|---|
All platforms | ||
7271 TCP | From the SVM Management Wizard to the Integration Server. | To add virtual infrastructure connection settings to the Integration Server. |
7271 TCP | From the device, from which the requests are made to the Integration Server REST API, to the Integration Server. | To automate deployment and use of the application in multitenancy mode using the Integration Server REST API. |
22 TCP | From the SVM Management Wizard to an SVM. | For SVM reconfiguration. |
7271 TCP | From the SVM to Integration Server. | For interaction between the SVM and Integration Server. |
7271 TCP | From the Light Agent to the Integration Server. | For interaction between Light Agent and Integration Server. |
8000 UDP | From an SVM to the Light Agent. | For sending information about available SVMs to Light Agents using a list of SVM addresses. |
8000 UDP | From Light Agent to SVM. | To provide Light Agent with information about the status of SVM. |
11111 TCP | From Light Agent to SVM. | To transfer service requests (such as requests for license info) from Light Agent to an SVM over a non-secure connection. |
11112 TCP | From Light Agent to SVM. | To transfer service requests (such as requests for license info) from Light Agent to an SVM over a secure connection. |
9876 TCP | From Light Agent to SVM. | To send file scan requests from Light Agent to SVM over a non-secure connection. |
9877 TCP | From Light Agent to SVM. | To send file scan requests from Light Agent to SVM over a secure connection. |
80 TCP | From Light Agent to SVM. | For database and application modules updates on Light Agent. |
15000 UDP | From Kaspersky Security Center to SVM. | For management of the application on an SVM via Kaspersky Security Center. |
13000 TCP | From SVM to Kaspersky Security Center. | For management of the application on an SVM via Kaspersky Security Center over a secure connection. |
14000 TCP | From SVM to Kaspersky Security Center. | For management of the application on an SVM via Kaspersky Security Center over a non-secure connection. |
15000 UDP | From Kaspersky Security Center to Light Agents. | For management of the application on protected virtual machines via Kaspersky Security Center. |
13000 TCP | From Light Agent to Kaspersky Security Center. | For management of the application on protected virtual machines via Kaspersky Security Center over a secure connection. |
14000 TCP | From Light Agent to Kaspersky Security Center. | For management of the application on Unprotected virtual machines via Kaspersky Security Center over a non-secure connection. |
13111 TCP | From the SVM to the Kaspersky Security Center Administration Server. | For interaction between the SVM and KSN proxy server. |
17000 TCP | From the SVM to the Kaspersky Security Center Administration Server. | For interaction between the SVM and Kaspersky activation servers. |
VMware vSphere platform | ||
80 TCP 443 TCP | From the SVM Management Wizard to VMware vCenter Server. | To deploy the SVM on a VMware ESXi hypervisor using a VMware vCenter Server. |
443 TCP | From the SVM Management Wizard to an ESXi hypervisor. | To deploy the SVM on a VMware ESXi hypervisor using a VMware vCenter Server. |
80 TCP 443 TCP | From the Integration Server to the VMware vCenter Server. | For interaction between the Integration Server and the VMware ESXi hypervisor using the VMware vCenter Server. |
Microsoft Hyper-V platform | ||
135 TCP/UDP 445 TCP/UDP | From the SVM Management Wizard to a Microsoft Windows Server (Hyper-V) hypervisor. | To deploy an SVM on a Microsoft Windows Server (Hyper-V) hypervisor. |
135 TCP/UDP 445 TCP/UDP 5985 TCP 5986 TCP | From the Integration Server to the Microsoft Windows Server (Hyper-V) hypervisor. | For interaction between the Integration Server and the Microsoft Windows Server (Hyper-V) hypervisor. |
Citrix Hypervisor platform | ||
80 TCP 443 TCP | From the SVM Management Wizard to Citrix Hypervisor. | To deploy the SVM on Citrix Hypervisor. |
80 TCP 443 TCP | From the Integration Server to Citrix Hypervisor. | For interaction between the Integration Server and Citrix Hypervisor. |
KVM platform | ||
22 TCP | From the SVM Management Wizard to a KVM hypervisor. | To deploy the SVM on a KVM hypervisor. |
22 TCP | From the Integration Server to the KVM hypervisor. | For interaction between the Integration Server and the KVM hypervisor. |
Proxmox VE platform | ||
22 TCP 8006 TCP | From the SVM Management Wizard to a Proxmox VE hypervisor. | To deploy the SVM on a Proxmox VE hypervisor. |
8006 TCP | From the Integration Server to the Proxmox VE hypervisor. | For interaction between the Integration Server and the Proxmox VE hypervisor. |
Skala-R platform | ||
443 TCP | From the SVM Management Wizard to Skala-R Management. | To deploy an SVM on the R-Virtualization hypervisor using Skala-R Management. |
22 TCP | From the SVM Management Wizard to an R-Virtualization hypervisor. | To deploy an SVM on the R-Virtualization hypervisor using Skala-R Management. |
443 TCP | From the Integration Server to Skala-R Management. | For the Integration Server’s interaction with an R-Virtualization hypervisor using Skala-R Management. |
HUAWEI FusionSphere platform | ||
7443 TCP | From the SVM Management Wizard to the HUAWEI FusionCompute VRM. | To deploy an SVM on a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM. |
8779 TCP | From the SVM Management Wizard to a HUAWEI FusionCompute CNA hypervisor. | To deploy an SVM on a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM. |
7443 TCP | From the Integration Server to the HUAWEI FusionCompute VRM. | For interaction between the Integration Server and a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM. |
Nutanix Acropolis platform | ||
9440 TCP | From the SVM Management Wizard to Nutanix Prism Central. | To deploy the SVMs on Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Central. |
9440 TCP | From the SVM Management Wizard to Nutanix Prism Element. | To deploy the SVMs on Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Element. |
9440 TCP | From the Integration Server to Nutanix Prism Central. | For interaction between the Integration Server and Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Central. |
9440 TCP | From the Integration Server to Nutanix Prism Element. | For interaction between the Integration Server and Nutanix AHV hypervisor in the infrastructure managed by Nutanix Prism Element. |
TIONIX Cloud Platform | ||
5000 TCP | From the SVM Management Wizard to Keystone microservice (TIONIX Cloud Platform). | To deploy the SVM on a KVM hypervisor running on the TIONIX Cloud Platform. |
8774 TCP | From the SVM Management Wizard to Compute microservice (Nova) (TIONIX Cloud Platform). | To deploy the SVM on a KVM hypervisor running on the TIONIX Cloud Platform. |
8776 TCP | From the SVM Management Wizard to Cinder microservice (TIONIX Cloud Platform). | To deploy the SVM on a KVM hypervisor running on the TIONIX Cloud Platform. |
9292 TCP | From the SVM Management Wizard to Glance microservice (TIONIX Cloud Platform). | To deploy the SVM on a KVM hypervisor running on the TIONIX Cloud Platform. |
9696 TCP | From the SVM Management Wizard to Neutron microservice (TIONIX Cloud Platform). | To deploy the SVM on a KVM hypervisor running on the TIONIX Cloud Platform. |
5000 TCP | From the Integration Server to the Keystone microservice (TIONIX Cloud Platform). | For interaction of the Integration Server with TIONIX Cloud Platform. |
8774 TCP | From the Integration Server to the Keystone microservice (Nova) (TIONIX Cloud Platform). | For interaction of the Integration Server with TIONIX Cloud Platform. |
OpenStack platform | ||
5000 TCP | From the SVM Management Wizard to the Keystone microservice (OpenStack platform). | To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
8774 TCP | From the SVM Management Wizard to the Compute (Nova) microservice (OpenStack platform). | To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
8776 TCP | From the SVM Management Wizard to the Cinder microservice (OpenStack platform). | To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
9292 TCP | From the SVM Management Wizard to the Glance microservice (OpenStack platform). | To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
9696 TCP | From the SVM Management Wizard to the Neutron microservice (OpenStack platform). | To deploy the SVM on a KVM hypervisor running on the OpenStack platform. |
5000 TCP | From the Integration Server to the Keystone microservice (OpenStack platform). | For the Integration Server’s interaction with the OpenStack platform. |
8774 TCP | From the Integration Server to the Keystone microservice (Nova) (OpenStack platform). | For the Integration Server’s interaction with the OpenStack platform. |
ALT Virtualization Server platform | ||
22 TCP | From the SVM Management Wizard to a hypervisor. | To deploy the SVM on a basic hypervisor of the ALT Virtualization Server platform. |
22 TCP | From the Integration Server to a hypervisor. | For the Integration Server to interact with a basic hypervisor of the ALT Virtualization Server platform. |
Astra Linux Platform | ||
22 TCP | From the SVM Management Wizard to a hypervisor. | To deploy the SVM on a KVM hypervisor running on the Astra Linux platform. |
22 TCP | From the Integration Server to a hypervisor. | For interaction between the Integration Server and a KVM hypervisor running on the Astra Linux platform. |
If you plan to use Kaspersky Endpoint Agent for interaction between Kaspersky Security and Kaspersky solutions designed to detect complex threats, open the following ports on the protected virtual machine:
- 443 TCP – for communication between Kaspersky Endpoint Agent and KSN service servers and Kaspersky activation servers.
- 80 TCP and 443 TCP – for communication between Network Agent and Kaspersky Security Center to receive databases and modules updates for Kaspersky Endpoint Agent.
- Ports that you configured for Kaspersky Endpoint Agent interaction with Kaspersky Sandbox and Kaspersky Anti Targeted Attack Platform servers.
During installation, Light Agent configures the settings of Windows Firewall to allow incoming and outgoing traffic for the avp.exe process. If a domain policy is used for Windows Firewall, you must configure rules for incoming and outgoing connections for the avp.exe process in the domain policy. If a different firewall is used, you must configure a rule for connections for the avp.exe process for the firewall.
If you use Citrix Hypervisor or VMware ESXi hypervisor, and promiscuous mode is enabled on the network adapter of the virtual machine guest operating system, the guest operating system receives all Ethernet frames passing through the virtual switch, if this is allowed by the VLAN policy. This mode may be used to monitor and analyze traffic in the network segment that the SVM and protected virtual machines are operating in. If you have not configured a secure connection between the SVM and the protected virtual machines, traffic between the SVM and the protected virtual machines is not encrypted and is transmitted as plaintext. For security purposes, it is not recommended to use promiscuous mode in network segments that have a running SVM. If you need to use this mode (for example, for monitoring traffic using external virtual machines to detect attempts at unauthorized network access or to correct network failures), you need to configure the appropriate restrictions to protect traffic between the SVM and the protected virtual machines from unauthorized access.
