7/UDP |
UDP/audit logging |
FMC, classic |
Outbound |
Verify connectivity with the syslog server when configuring audit logging. |
22/tcp
|
SSH
|
FMC
Any device
|
Inbound
|
Secure remote connections to the appliance.
|
25/tcp
|
SMTP
|
FMC
|
Outbound
|
Send email notices and alerts.
|
53/tcp
53/udp
|
DNS
|
FMC
Any device
|
Outbound
|
DNS
|
67/udp
68/udp
|
DHCP
|
FMC
Any device
|
Outbound
|
DHCP
|
80/tcp
|
HTTP
|
FMC
7000/8000 series
|
Outbound
|
Display RSS feeds in the dashboard.
|
80/tcp
|
HTTP
|
FMC
|
Outbound
|
Download or query URL category and reputation data (port 443 also required).
|
80/tcp
|
HTTP
|
FMC
|
Outbound
|
Download custom Security Intelligence feeds over HTTP.
|
123/udp
|
NTP
|
FMC
Any device
|
Outbound
|
Synchronize time.
|
161/udp
|
SNMP
|
FMC
Any device
|
Inbound
|
Allow access to MIBs via SNMP polling.
|
162/udp
|
SNMP
|
FMC
Any device
|
Outbound
|
Send SNMP alerts to a remote trap server.
|
389/tcp
636/tcp
|
LDAP
|
FMC
7000/8000 series
|
Outbound
|
Communicate with an LDAP server for external authentication.
Obtain metadata for detected LDAP users (FMC only).
Configurable.
|
443/tcp
|
HTTPS
|
FMC
7000/8000 series
|
Inbound
|
Access the web interface.
|
443/tcp
|
HTTPS
|
FMC
Any device
|
Outbound
|
Send and receive data from the internet. For details, see Internet Access Requirements.
|
443
|
HTTPS
|
FMC
|
Outbound
|
Communicate with the AMP cloud (public or private)
See also information for port 32137.
|
443
|
HTTPS
|
FMC
|
Inbound and Outbound
|
Integrate with AMP for Endpoints
|
514/udp
|
Syslog (alerts)
|
FMC
Any device
|
Outbound
|
Send alerts to a remote syslog server.
|
623/udp
|
SOL/LOM
|
FMC
7000/8000 series
|
Inbound
|
Lights-Out Management (LOM) using a Serial Over LAN (SOL) connection.
|
885/tcp
|
Captive portal
|
Any device
|
Inbound
|
Communicate with a captive portal identity source.
|
1500/tcp
2000/tcp
|
Database access
|
FMC
|
Inbound
|
Allow read-only access to the event database by a third-party client.
|
1812/udp
1813/udp
|
RADIUS
|
FMC
7000/8000 series
|
Outbound
|
Communicate with a RADIUS server for external authentication and accounting.
Configurable.
|
3306/tcp
|
User Agent
|
FMC
|
Inbound
|
Communicate with User Agents.
|
5222/tcp
|
ISE
|
FMC
|
Outbound
|
Communicate with an ISE identity source.
|
8302/tcp
|
eStreamer
|
FMC
7000/8000 series
|
Inbound
|
Communicate with an eStreamer client.
|
8305/tcp
|
Appliance communications
|
FMC
Any device
|
Both |
Securely communicate between appliances in a deployment.
Configurable. If you change this port, you must change it for all appliances in the deployment. We recommend you keep the default.
|
8307/tcp
|
Host input client
|
FMC
|
Inbound
|
Communicate with a host input client.
|
32137/tcp
|
AMP for Networks
|
FMC
|
Outbound
|
Communicate with the Cisco AMP cloud.
This is a legacy configuration. We recommend you use the default (443).
|