Engine ports

The most important default ports used in communications to and from Engines and Master Engines are presented in the following illustrations.

See the table for a complete list of default ports for the engines.

Note: Master Engines use the same default ports as clustered Engines. Virtual Engines do not communicate directly with other system components.

Figure: Destination ports for basic Engine communications (illustration not reproduced here)

Figure: Default destination ports for Engine service communications (illustration not reproduced here)

This table lists the default ports for Engines and Master Engines. Many of these ports can be changed. The names of corresponding default Service elements are also included for your reference.

Table 1. Engine and Master Engine default ports

| Listening host | Port/protocol | Contacting hosts | Service description | Service element name |
|---|---|---|---|---|
| Certificate Revocation List (CRL) server | 80/TCP | Firewall | Online certificate status protocol (OCSP) queries and fetching CRLs. | HTTP |
| DHCP server | 67/UDP | Firewall | Relayed DHCP requests and requests from a firewall that uses a dynamic IP address. | BOOTPS (UDP) |
| DHCPv6 server | 547/UDP | Firewall | Requests from a firewall that uses a dynamic IPv6 address. | N/A |
| External DNS server | 53/UDP, 53/TCP | Firewall, Master Engine | DNS resolution and dynamic DNS updates. | DNS (TCP), DNS (UDP) |
| File reputation server | 443/TCP | Firewall, Layer 2 Firewall, IPS, Master Engine | GTI File Reputation Server | HTTPS |
| Firewall | 67/UDP | Any | DHCP relay on firewall engine. | BOOTPS (UDP) |
| Firewall | 68/UDP | DHCP server | Replies to DHCP requests. | BOOTPC (UDP) |
| Firewall | 80/TCP | Clients that need to authenticate to the Firewall | Browser Based User Authentication | HTTP |
| Firewall | 443/TCP | Clients that need to authenticate to the Firewall | Browser Based User Authentication | HTTPS |
| Firewall | 443/TCP | VPN clients using SSL tunneling | VPN client SSL tunneling | TLS |
| Firewall | 443/TCP | SSL Portal users | SSL VPN Portal | HTTPS |
| Firewall | 546/UDP | DHCPv6 server | Replies to DHCPv6 requests. | N/A |
| Firewall, Master Engine | 53/UDP, 53/TCP | Clients in the internal network | DNS relay | DNS (TCP), DNS (UDP) |
| Firewall, Master Engine | 500/UDP | VPN clients, VPN gateways | VPN negotiations, VPN traffic. | ISAKMP (UDP) |
| Firewall, Master Engine | 636/TCP | Management Server | Internal user database replication. | LDAPS (TCP) |
| Firewall, Master Engine | 4500/UDP | VPN clients, VPN gateways | VPN traffic using NAT-traversal. | NAT-T |
| Firewall Cluster Node, Master Engine cluster node | 3000-3001/UDP, 3002-3003, 3010/TCP | Firewall Cluster Node, Master Engine cluster node | Heartbeat and state synchronization between clustered Firewalls. | SG State Sync (Multicast), SG State Sync (Unicast), SG Data Sync |
| Firewall, Layer 2 Firewall, IPS, Master Engine | 22/TCP | Terminal clients | SSH connections to the engine command line. Note: Do not use SSH in FIPS mode. | SSH |
| Firewall, Layer 2 Firewall, IPS, Master Engine | 4950/TCP | Management Server | Remote upgrade. | SG Remote Upgrade |
| Firewall, Layer 2 Firewall, IPS, Master Engine | 4987/TCP | Management Server | Management Server commands and policy upload. | SG Commands |
| Firewall, Layer 2 Firewall, IPS, Master Engine | 15000/TCP | Management Server, Log Server | Blacklist entries. | SG Blacklisting |
| Firewall, Layer 2 Firewall, IPS, Master Engine | 161/UDP | SNMP server | SNMP monitoring. | SNMP (UDP) |
| Firewall, Layer 2 Firewall, IPS | 9111/TCP | Forcepoint One Endpoint client | Endpoint information from the Forcepoint One Endpoint client. | N/A |
| Forcepoint User ID Service server | 5000/TCP | Firewall, Layer 2 Firewall, IPS | Information about user name and IP address mappings. | N/A |
| IPS Cluster Node | 3000-3001/UDP, 3002-3003, 3010/TCP | IPS Cluster Node | Heartbeat and state synchronization between clustered IPS engines. | SG State Sync (Multicast), SG State Sync (Unicast), SG Data Sync |
| LDAP server | 389/TCP | Firewall, Master Engine | External LDAP queries, including StartTLS connections. | LDAP (TCP) |
| Layer 2 Firewall Cluster Node | 3000-3001/UDP, 3002-3003, 3010/TCP | Layer 2 Firewall Cluster Node | Heartbeat and state synchronization between clustered Layer 2 Firewalls. | SG State Sync (Multicast), SG State Sync (Unicast), SG Data Sync |
| Log Server | 3020/TCP | Firewall, Layer 2 Firewall, IPS, Master Engine | Log and alert messages; monitoring of blacklists, connections, status, and statistics. | SG Log |
| Malware signature server | 80/TCP | Firewall, Layer 2 Firewall, IPS, Master Engine | Malware signature update service. | HTTP |
| Management Server | 3021/TCP | Firewall, Layer 2 Firewall, IPS, Master Engine | System communications certificate request/renewal (initial contact). | SG Initial Contact |
| Management Server | 8906/TCP | Firewall, Layer 2 Firewall, IPS | Management connection for engines with "Node-Initiated Contact to Management Server" selected. | SG Dynamic Control |
| RADIUS server | 1812, 1645/UDP | Firewall, Master Engine | RADIUS authentication requests. | RADIUS (Authentication), RADIUS (Old) |
| RPC server | 111/UDP, 111/TCP | Firewall, Master Engine | RPC number resolution. | SUNRPC (UDP), Sun RPC (TCP) |
| Server Pool Monitoring Agents | 7777/UDP | Firewall, Master Engine | Polls to the servers' Server Pool Monitoring Agents for availability and load information. | SG Server Pool Monitoring |
| SNMP server | 162/UDP | Firewall, Layer 2 Firewall, IPS, Master Engine | SNMP traps from the engine. | SNMP Trap (UDP) |
| TACACS+ server | 49/TCP | Firewall, Master Engine | TACACS+ authentication requests. | TACACS (TCP) |
| ThreatSeeker Intelligence Cloud server | 443/TCP | Firewall, Layer 2 Firewall, IPS, Master Engine | ThreatSeeker Intelligence Cloud URL categorization service. | HTTPS |
| VPN gateways | 500, 4500/UDP | Firewall, Master Engine | VPN traffic. Port 443/TCP (or a custom port) can also be used, depending on encapsulation options. | ISAKMP (UDP) |
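The table is most useful as a baseline: anything listening on an engine that no row accounts for deserves a look. The script below is an added example, not Forcepoint documentation or product code. It copies the rows whose listening host is a Firewall or Firewall Cluster Node from the table above, expands the port/protocol notation the table uses (a protocol written once applies to the comma-separated items before it, so "3002-3003, 3010/TCP" is three TCP ports), and diffs the expected set against a constructed `ss -lntu`-style listing. The listing, the 8080/TCP listener in it, and the `Firewall`/`Firewall Cluster Node` role names used for matching are assumptions made for the demo.

```python
"""Audit an engine's listening ports against the default-port table.

Added example, not Forcepoint documentation or product code. PORT_TABLE rows
are copied from Table 1 (listening host, port/protocol, service element name).
The `ss` output below is constructed for the demonstration.
"""
import re

# (listening host column, port/protocol column, service element name column)
PORT_TABLE = [
    ("Firewall", "67/UDP", "BOOTPS (UDP)"),
    ("Firewall", "68/UDP", "BOOTPC (UDP)"),
    ("Firewall", "80/TCP", "HTTP"),
    ("Firewall", "443/TCP", "HTTPS"),
    ("Firewall", "546/UDP", "N/A"),
    ("Firewall, Master Engine", "53/UDP, 53/TCP", "DNS (TCP), DNS (UDP)"),
    ("Firewall, Master Engine", "500/UDP", "ISAKMP (UDP)"),
    ("Firewall, Master Engine", "636/TCP", "LDAPS (TCP)"),
    ("Firewall, Master Engine", "4500/UDP", "NAT-T"),
    ("Firewall Cluster Node, Master Engine cluster node",
     "3000-3001/UDP, 3002-3003, 3010/TCP",
     "SG State Sync (Multicast), SG State Sync (Unicast), SG Data Sync"),
    ("Firewall, Layer 2 Firewall, IPS, Master Engine", "22/TCP", "SSH"),
    ("Firewall, Layer 2 Firewall, IPS, Master Engine", "4950/TCP", "SG Remote Upgrade"),
    ("Firewall, Layer 2 Firewall, IPS, Master Engine", "4987/TCP", "SG Commands"),
    ("Firewall, Layer 2 Firewall, IPS, Master Engine", "15000/TCP", "SG Blacklisting"),
    ("Firewall, Layer 2 Firewall, IPS, Master Engine", "161/UDP", "SNMP (UDP)"),
    ("Firewall, Layer 2 Firewall, IPS", "9111/TCP", "N/A"),
]

def parse_port_spec(spec):
    """Expand a table port/protocol string into a set of (port, proto) pairs.

    The table writes the protocol once per comma-separated group, so
    "3002-3003, 3010/TCP" means 3002, 3003 and 3010 are all TCP, while the
    preceding "3000-3001/UDP" is its own UDP group. Walking the items from
    right to left lets a protocol apply to the protocol-less items before it.
    """
    result = set()
    proto = None
    for item in reversed([s.strip() for s in spec.split(",")]):
        # Accept both a hyphen and an en dash in ranges, as the table does.
        m = re.fullmatch(r"(\d+)(?:[-\u2013](\d+))?(?:/(TCP|UDP))?", item)
        if not m:
            raise ValueError(f"unparseable port spec: {item!r}")
        lo, hi, p = m.group(1), m.group(2), m.group(3)
        if p:
            proto = p.lower()
        if proto is None:
            raise ValueError(f"no protocol given for {item!r} in {spec!r}")
        for port in range(int(lo), int(hi or lo) + 1):
            result.add((port, proto))
    return result

def expected_ports(roles):
    """Map (port, proto) -> service element for every row matching any of `roles`."""
    expected = {}
    for hosts, spec, service in PORT_TABLE:
        if roles & {h.strip() for h in hosts.split(",")}:
            for key in parse_port_spec(spec):
                expected[key] = service
    return expected

def parse_ss_output(text):
    """Collect (port, proto) from `ss -lntu`-style lines; the first line is the header."""
    observed = set()
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]      # Netid and Local Address:Port
        observed.add((int(local.rsplit(":", 1)[1]), proto))
    return observed

def unexpected_listeners(roles, ss_text):
    """Listening sockets that no default-port row for the given roles explains."""
    return sorted(parse_ss_output(ss_text) - set(expected_ports(roles)))

# Constructed sample output; 8080/tcp is the planted listener no table row covers.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:4987       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:3010       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:500        0.0.0.0:*
udp   UNCONN 0      0      [::]:4500          [::]:*
"""

if __name__ == "__main__":
    roles = {"Firewall", "Firewall Cluster Node"}
    for port, proto in unexpected_listeners(roles, SAMPLE_SS):
        print(f"unexpected listener: {port}/{proto}")   # prints 8080/tcp
```

Feeding real `ss -lntu` output into `unexpected_listeners` gives a quick drift check after an upgrade or policy change; the service element names in `expected_ports` tell you which Access rule is supposed to cover each port. Rows for the other engine roles can be added to PORT_TABLE in the same form.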