Forcepoint FlexEdge Secure SD-WAN Engine ports

The most important default ports used in communications to and from Secure SD-WAN Engines and Master Engines are presented in the following illustrations.

See the table for a complete list of default ports for the engines.

Note: Master Engines use the same default ports as clustered Secure SD-WAN Engines. Virtual Engines do not communicate directly with other system components.

Figure: Destination ports for basic Secure SD-WAN Engine communications



Figure: Default destination ports for Secure SD-WAN Engine service communications



This table lists the default ports for Secure SD-WAN Engines and Master Engines. Many of these ports can be changed. The names of corresponding default Service elements are also included for your reference.

Table 1. Secure SD-WAN Engine and Master Engine default ports
Listening host Port/protocol Contacting hosts Service description Service element name
Certificate Revocation List (CRL) server 80/TCP Engine Online certificate status protocol (OCSP) queries and fetching CRLs. HTTP
DHCP server 67/UDP Engine Relayed DHCP requests and requests from a engine that uses dynamic IP address. BOOTPS (UDP)
DHCPv6 server 547/UDP Engine Requests from a engine that uses dynamic IPv6 address. N/A
External DNS server 53/UDP, 53/TCP Engine, Master Engine DNS resolution and dynamic DNS updates. DNS (TCP), DNS (UDP)
File reputation server 443/TCP Engine, Layer 2 Engine, IPS, Master Engine GTI File Reputation Server HTTPS
Engine 67/UDP Any DHCP relay on engine. BOOTPS (UDP)
Engine 68/UDP DHCP server Replies to DHCP requests. BOOTPC (UDP)
Engine 80/TCP Clients that need to authenticate to the Engine Browser Based User Authentication HTTP
Engine 443/TCP Clients that need to authenticate to the Engine Browser Based User Authentication HTTPS
Engine 443/TCP VPN clients using SSL tunneling VPN client SSL tunneling TLS
Engine 443/TCP SSL Portal users SSL VPN Portal HTTPS
Engine 546/UDP DHCPv6 server Replies to DHCPv6 requests. N/A
Engine, Master Engine 53/UDP, 53/TCP Clients in the internal network DNS relay DNS (TCP), DNS (UDP)
Engine, Master Engine 500/UDP VPN clients, VPN gateways VPN negotiations, VPN traffic. ISAKMP (UDP)
Engine, Master Engine 636/TCP Management Server Internal user database replication. LDAPS (TCP)
Engine, Master Engine 4500/UDP VPN client, VPN gateways VPN traffic using NAT-traversal. NAT-T
Engine Cluster Node, Master Engine cluster node 3000-3001/UDP, 3002–3003, 3010/TCP Engine Cluster Node, Master Engine cluster node Heartbeat and state synchronization between clustered Engines. SG State Sync (Multicast), SG State Sync (Unicast), SG Data Sync
Engine, Layer 2 Engine, IPS, Master Engine 22/TCP Terminal clients SSH connections to the engine command line.
Note: Do not use SSH in FIPS mode.
SSH
Engine, Layer 2 Engine, IPS, Master Engine 4950/TCP Management Server Remote upgrade. SG Remote Upgrade
Engine, Layer 2 Engine, IPS, Master Engine 4987/TCP Management Server Management Server commands and policy upload. SG Commands
Engine, Layer 2 Engine, IPS, Master Engine 15000/TCP Management Server, Log Server block list entries. SG block listing
Engine, Layer 2 Engine, IPS, Master Engine 161/UDP SNMP server SNMP monitoring. SNMP (UDP)
Engine, Layer 2 Engine, IPS 9111/TCP Forcepoint One Endpoint client Endpoint information from the Forcepoint One Endpoint client. N/A
Forcepoint User ID Service server 5000/TCP Engine, Layer 2 Engine, IPS Information about user name and IP address mappings. N/A
IPS Cluster Node 3000-3001/UDP, 3002–3003, 3010/TCP IPS Cluster Node Heartbeat and state synchronization between clustered IPS engines. SG State Sync (Multicast), SG State Sync (Unicast), SG Data Sync
LDAP server 389/TCP Engine, Master Engine External LDAP queries, including StartTLS connections. LDAP (TCP)
Layer 2 Engine Cluster Node 3000-3001/UDP, 3002–3003, 3010/TCP Layer 2 Engine Cluster Node Heartbeat and state synchronization between clustered Layer 2 Engines. SG State Sync (Multicast), SG State Sync (Unicast), SG Data Sync
Log Server 3020/TCP Engine, Layer 2 Engine, IPS, Master Engine Log and alert messages; monitoring of block lists, connections, status, and statistics. SG Log
Malware signature server 80/TCP Engine, Layer 2 Engine, IPS, Master Engine Malware signature update service. HTTP
Management Server 3021/TCP Engine, Layer 2 Engine, IPS, Master Engine System communications certificate request/renewal (initial contact). SG Initial Contact
Management Server 8906/TCP Engine, Layer 2 Engine, IPS Management connection for engines with "Node-Initiated Contact to Management Server" selected. SG Dynamic Control
RADIUS server 1812, 1645/UDP Engine, Master Engine RADIUS authentication requests. RADIUS (Authentication), RADIUS (Old)
RPC server 111/UDP, 111/TCP Engine, Master Engine RPC number resolve. SUNRPC (UDP), Sun RPC (TCP)
Server Pool Monitoring Agents 7777/UDP Engine, Master Engine Polls to the servers' Server Pool Monitoring Agents for availability and load information. SG Server Pool Monitoring
SNMP server 162/UDP Engine, Layer 2 Engine, IPS, Master Engine SNMP traps from the engine. SNMP Trap (UDP)
TACACS+ server 49/TCP Engine, Master Engine TACACS+ authentication requests. TACACS (TCP)
ThreatSeeker Intelligence Cloud server 443/TCP Engine, Layer 2 Engine, IPS, Master Engine ThreatSeeker Intelligence Cloud URL categorization service. HTTPS
VPN gateways 500, 4500/UDP Engine, Master Engine VPN traffic. Ports 443/TCP (or custom port) can also be used, depending on encapsulation options. ISAKMP (UDP)