Required Services and Ports
Note: Security Manager uses predefined and dynamic ports for its internal operation. Port scanners might block those ports and prevent Security Manager from executing those processes. Therefore, port scanners such as Qualys should not be enabled. If enabled, a port scanner may crash the Security Manager process, which may require a complete reinstallation of Security Manager.
You must ensure that required ports are enabled and available for use by Security Manager and its associated applications on your server so that the server can communicate with clients and servers running associated applications.
The ports that need to be open depend on whether you are using CiscoWorks for AAA or an external server (such as ACS), and whether you are configuring Security Manager to interact with certain other applications:
- Basic Required Ports—Table 3-1 lists the basic ports that must be opened, assuming that you have not customized your configuration to use non-default ports. If you are using CiscoWorks for AAA (user authorization) services, and you do not use any of the optional applications, these should be the only ports you need to open.

| Communication | Service | Protocol | Port | In | Out |
|---|---|---|---|---|---|
| Security Manager Client to the Security Manager Server. | HTTP, HTTPS | TCP | 1741/443 | X | — |
| Security Manager Client to device managers included in the product (such as ASDM). | HTTPS | TCP | 443 | X | — |
| Security Manager Server to Devices. | HTTPS | TCP | 443 | — | X |
| Security Manager Server to Devices. | SSH | TCP | 22 | — | X |
| Security Manager Server to Devices. | Telnet | TCP | 23 | — | X |
| Security Manager to an e-mail server. This port is required only if you configure e-mail notification settings for any of the various functions that can provide these notifications. | SMTP | TCP | 25 | — | X |
| Syslog service used by the Security Manager Event Viewer. | Syslog | UDP | 514 | X | — |
| Health and Performance Monitor | HTTP, HTTPS | TCP | 2012 and 4444 | X | X |
| Report Manager | HTTP, HTTPS | TCP | 4334 | X | X |
| Event Manager | HTTP, HTTPS | TCP | 11999 | X | X |

- Ports Required By Optional Applications—If you are using Security Manager with other applications, other ports also need to be opened, as shown in Table 3-2. Open only ports required by applications that you are actually using.

| Communication | Service | Protocol | Port | In | Out |
|---|---|---|---|---|---|
| Security Manager Server to and from CS-MARS. | HTTPS | TCP | 443 | X | X |
| Security Manager Server to Cisco Secure Access Control Server (ACS). | HTTP, HTTPS | TCP | | — | X |
| Security Manager Server to an External AAA Server (configurable in a non-ACS mode). | RADIUS, LDAP, Kerberos | TCP | 1645, 1646, 1812 (new), 389, 636 (SSL), 88 | — | X |
| Security Manager Server to Configuration Engine. | HTTPS | TCP | 443 | — | X |
| Security Manager Server to TMS Server. | FTP | TCP | 21 | — | X |
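
The instruction to open only the ports required by the applications in use can be checked mechanically. The following is an added example, not part of the original Cisco documentation or product: it audits a host firewall allow-list against Tables 3-1 and 3-2, and the rule text format, feature names and function names are assumptions made for illustration.

```python
# Added example (not Cisco code): least-privilege audit of a firewall
# allow-list against the ports listed in Tables 3-1 and 3-2.
IN, OUT = "in", "out"

def _both(proto, *ports):
    return {(proto, p, d) for p in ports for d in (IN, OUT)}

# Table 3-1. SMTP appears there but is needed only for e-mail notifications,
# so it is modelled as an optional feature below.
BASIC = {("tcp", 1741, IN), ("tcp", 443, IN),    # client to server / device managers
         ("tcp", 443, OUT), ("tcp", 22, OUT), ("tcp", 23, OUT),  # server to devices
         ("udp", 514, IN)}                       # syslog for the Event Viewer
BASIC |= _both("tcp", 2012, 4444, 4334, 11999)   # HPM, Report Manager, Event Manager

# Table 3-2 plus SMTP. ACS is omitted because the table gives no port for it.
# Protocol values are copied from the table as printed.
OPTIONAL = {
    "email": {("tcp", 25, OUT)},
    "cs-mars": _both("tcp", 443),
    "external-aaa": {("tcp", p, OUT) for p in (1645, 1646, 1812, 389, 636, 88)},
    "config-engine": {("tcp", 443, OUT)},
    "tms": {("tcp", 21, OUT)},
}

def required_ports(features=()):
    """Union of the basic ports and the ports of each optional feature in use."""
    req = set(BASIC)
    for name in features:
        req |= OPTIONAL[name]          # KeyError on an unknown feature name
    return req

def parse_rule(line):
    """Parse the constructed rule format '<in|out> <tcp|udp> <port>[-<port>]'."""
    direction, proto, ports = line.split()
    lo, _, hi = ports.partition("-")
    return proto.lower(), int(lo), int(hi or lo), direction.lower()

def audit(rule_lines, features=()):
    """Return (missing, too_broad): required ports that no rule allows, and
    rules that allow at least one port the tables do not call for."""
    req = required_ports(features)
    rules = [(ln.strip(), parse_rule(ln)) for ln in rule_lines if ln.strip()]
    covered = {r for r in req if any(
        p == r[0] and lo <= r[1] <= hi and d == r[2] for _, (p, lo, hi, d) in rules)}
    too_broad = [text for text, (p, lo, hi, d) in rules
                 if any((p, port, d) not in req for port in range(lo, hi + 1))]
    return sorted(req - covered), too_broad
```

A port range that covers a required port still counts as too broad when it also opens ports the tables do not list, so `in tcp 1-1024` satisfies the 443 inbound requirement and is flagged at the same time.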