Configuring ports used by the application

To install and run application components, in the network hardware or software settings used to control network traffic between virtual machines, you must open the following ports as described in the table below.

Ports used by the application

Port and protocol

Direction

Purpose and description

80 TCP

443 TCP

From the SVM Management Wizard to a VMware vCenter Server.

To deploy the SVM on a VMware ESXi hypervisor using a VMware vCenter Server.

443 TCP

From the SVM Management Wizard to an ESXi hypervisor.

To deploy the SVM on a VMware ESXi hypervisor using a VMware vCenter Server.

135 TCP/UDP

445 TCP/UDP

From the SVM Management Wizard to a Microsoft Windows Server (Hyper-V) hypervisor.

To deploy an SVM on a Microsoft Windows Server (Hyper-V) hypervisor.

80 TCP

443 TCP

From the SVM Management Wizard to a Citrix Hypervisor (Citrix XenServer).

To deploy the SVM on a Citrix Hypervisor (Citrix XenServer).

22 TCP

From the SVM Management Wizard to a KVM hypervisor.

To deploy the SVM on a KVM hypervisor.

22 TCP

8006 TCP

From the SVM Management Wizard to a Proxmox VE hypervisor.

To deploy the SVM on a Proxmox VE hypervisor.

7443 TCP

From the SVM Management Wizard to the HUAWEI FusionCompute VRM.

To deploy an SVM on a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM.

8779 TCP

From the SVM Management Wizard to a HUAWEI FusionCompute CNA hypervisor.

To deploy an SVM on a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM.

22 TCP

From the SVM Management Wizard to an SVM.

For SVM reconfiguration.

7271 TCP

From the SVM Management Wizard to the Integration Server.

For adding hypervisor connection settings to the Integration Server.

80 TCP

443 TCP

From the Integration Server to the VMware vCenter Server.

For interaction between the Integration Server and the VMware ESXi hypervisor using the VMware vCenter Server.

135 TCP/UDP

445 TCP/UDP

5985 TCP

5986 TCP

From the Integration Server to the Microsoft Windows Server (Hyper-V) hypervisor.

For interaction between the Integration Server and the Microsoft Windows Server (Hyper-V) hypervisor.

80 TCP

443 TCP

From the Integration Server to the Citrix Hypervisor (Citrix XenServer).

For interaction between the Integration Server and the Citrix Hypervisor (Citrix XenServer).

22 TCP

From the Integration Server to the KVM hypervisor.

For interaction between the Integration Server and the KVM hypervisor.

8006 TCP

From the Integration Server to the Proxmox VE hypervisor.

For interaction between the Integration Server and the Proxmox VE hypervisor.

7443 TCP

From the Integration Server to the HUAWEI FusionCompute VRM.

For interaction between the Integration Server and a HUAWEI FusionCompute CNA hypervisor using the HUAWEI FusionCompute VRM.

9440 TCP

From the Integration Server to Nutanix Prism.

For interaction between the Integration Server and a Nutanix AHV hypervisor using Nutanix Prism.

Protection of the virtual infrastructure on the Nutanix Acropolis platform is supported only in the following Kaspersky Security updates: 5.1.1, 5.1.2, and 5.1.3.

8000 UDP

From an SVM to a Light Agent.

For sending information about available SVMs to Light Agents using a list of SVM addresses.

7271 TCP

From the SVM Management Wizard to the Integration Server.

For adding hypervisor connection settings to the Integration Server.

7271 TCP

From the SVM to Integration Server.

For interaction between the SVM and Integration Server.

7271 TCP

From Light Agent to Integration Server.

For interaction between Light Agent and Integration Server.

7271 TCP

From the device, from which the requests are made to the Integration Server REST API, to the Integration Server.

To automate deployment and application usage in multitenancy mode using the Integration Server REST API.

8000 UDP

From Light Agent to SVM.

To provide Light Agent with information about the status of SVM.

11111 TCP

From Light Agent to SVM.

To transfer service requests (such as requests for license info) from Light Agent to SVM over a non-secure connection.

11112 TCP

From Light Agent to SVM.

To transfer service requests (such as requests for license info) from Light Agent to SVM over a secure connection.

9876 TCP

From Light Agent to SVM.

To send file scan requests from Light Agent to SVM over a non-secure connection.

9877 TCP

From Light Agent to SVM.

To send file scan requests from Light Agent to SVM over a secure connection.

80 TCP

From Light Agent to SVM.

For database and application modules updates on Light Agent.

15000 UDP

From Kaspersky Security Center to SVM.

For management of the application on an SVM via Kaspersky Security Center.

13000 TCP

From SVM to Kaspersky Security Center.

For management of the application on an SVM via Kaspersky Security Center.

15000 UDP

From Kaspersky Security Center to Light Agents.

For management of the application on protected virtual machines via Kaspersky Security Center.

14000 TCP

From Light Agent to Kaspersky Security Center.

For management of the application on protected virtual machines via Kaspersky Security Center.

During installation, Light Agent configures the settings of Windows Firewall to allow incoming and outgoing traffic for the avp.exe process. If a domain policy is used for Windows Firewall, you must configure rules for incoming and outgoing connections for the avp.exe process in the domain policy. If a different firewall is used, you must configure a rule for connections for the avp.exe process for the firewall.

If you are using a VMware ESXi or Citrix Hypervisor (Citrix XenServer), and promiscuous mode is enabled on the network adapter of the virtual machine's guest operating system, the guest operating system receives all Ethernet frames passing through the virtual switch, if this is allowed by the VLAN policy. This mode may be used to monitor and analyze traffic in the network segment that the SVM and protected virtual machines are operating in. If you have not configured a secure connection between the SVM and the protected virtual machines, traffic between the SVM and the protected virtual machines is not encrypted and is transmitted as plaintext. For security purposes, it is not recommended to use promiscuous mode in network segments that have a running SVM. If you need to use this mode (for example, for monitoring traffic using external virtual machines to detect attempts at unauthorized network access or to correct network failures), you need to configure the appropriate restrictions to protect traffic between the SVM and the protected virtual machines from unauthorized access.

Page top