Forcepoint Email Security ports

Applies to:
  • Forcepoint Email Security, v8.5.x

The following ports are used on the Forcepoint Email Security appliance.

If you are running Forcepoint Email Security in Azure, you must use the C interface IP address. Ensure that all ports are opened for the C interface.

Note: If any of the ports in this document are dropped, blocked, or decrypted (including SSL Decryption or Deep Packet Inspection) by any firewall or intrusion detection/ prevention device, your Email Security environment may not function properly.
Interface Port Direction Description
C/P1/P2 9449 Inbound Personal Email Manager load balancing, Secure Message Delivery end-user portal

C/P1/P2

(C recommended)

6671 Inbound SSL proxy to be accessed by the Email Security module of the Security Manager
C/P1/P2 6643 Inbound Personal Email Manager user interface
P1/P2 17700* Inbound Email data loss prevention system health and log data
P1/P2 25 Inbound SMTP
P1/P2 2525 Inbound Receipt of messages from data loss prevention function for encryption

* The port range 17700-17714 must be open for communications with Forcepoint Email Security.

The following ports are used on the appliance for outbound connections to Forcepoint DLP.

Interface Port Direction Description
C/P1/P2

17500-

17515*

Outbound Fingerprint status
C/P1/P2

17500-

17515*

Outbound Fingerprint repository
C/P1/P2 17443 Outbound Registration, syslog, forensics, incidents
C/P1/P2 17444 Outbound Fingerprint download
C/P1/P2

17500-

17515*

Outbound Message analysis
C/P1/P2 80 Outbound Fingerprint repository synchronization

* This is the default range. The starting location of the range (17500) is configurable.

The following ports are used by Forcepoint Email Security off-appliance components.

Interface Port Direction Description
C/P1/P2 9443 Inbound Email Security module of the Security Manager
P1/P2 50800 Inbound Email Log Server
P1/P2 50900 Inbound Email Log Server backup alerts port
P1/P2 1433

1434

Outbound Email Log Database default instance
P1/P2 443 Outbound Email hybrid service
P1/P2 15868 Outbound Filtering Service (a web protection component)
P1/P2 56992 Outbound Linking Service (a web protection component)
P1/P2 389

636

Outbound LDAP server
P1/P2 80 Outbound Database download server
P1/P2 53 Outbound DNS server
C 162 Outbound SNMP Trap server