Views:

Use these settings to configure your firewall and connected products.

Use the following table to configure your ports to allow Deep Discovery Inspector to connect with Network Security and share data with other TrendAI Vision One™ services such as Workbench and Suspicious Object Management.
For a full list of all FQDNs and firewall exceptions for TrendAI Vision One™, see Firewall exception requirements for TrendAI Vision One™.
Some ports are configurable for their purpose. A purpose notated with (configurable) can be configured to use a different port in the Deep Discovery Inspector management console. The default ports are listed in the table.

Listen Ports

Port
Protocol
Purpose
22
TCP
Connection port for preconfiguration console, as well as sending logs and data to the Threat Management Services Portal if the appliance is registered over SSH
68
UDP
Receive DHCP server responses
80
TCP
Threat intelligence information sharing with other TrendAI™ products
161
UDP
SNMP agent listening and protocol translation
443
TCP
Management console access through HTTPS
8080
TCP
Share threat intelligence with other products (configurable)

Outbound Ports

Port   Purpose
25
TCP
Send notifications and scheduled reports through SMTP
53
TCP/UDP
DNS resolution
67
UDP
Requests to DHCP server if IP addresses are assigned dynamically
80
TCP
Communication with ActiveUpdate server to update components
Also supports communication with Apex Central if the appliance is registered over HTTP.
123
UDP
Connection to NTP server for time synchronization (default NTP server: pool.ntp.org)
137
UDP
IP address to host name resolution through NetBIOS
162
UDP
Send SNMP trap notifications
389
TCP/UDP
Retrieve user information from LDAP servers (configurable)
443
TCP
Used for the following purposes:
  • Communicate with TrendAI Vision One™
  • Communicate with the TrendAI Vision One™ Service Gateway
  • Share anonymous threat information with the Smart Protection Network
  • Connect to TrendAI™ Threat Connect
  • Send files to Deep Discovery Analyzer for sandbox analysis (configurable)
  • Communicate with Deep Discovery Director - on-premises version (configurable)
  • Communicate with Apex Central (configurable)
  • Share threat intelligence information with TrendAI™ TXOne OT Defense Console
  • Connect to MITRE ATT&CK™ Tactics and Techniques website
  • Query Mobile App Reputation Service through Smart Protection Server
  • Query Predictive Machine Learning engine
  • Query the Web Reputation Services blocking reason
  • Register to the mitigation server
  • Scan APK files and send detection information to the Mobile App Reputation Service
  • Send logs and data to Threat Management Services Portal if the appliance is using SSL encryption
  • Verify safety of files through the Certified Safe Software Service
465
TCP
Send notifications and scheduled reports through SMTP over TCP with SSL/TLS encryption
514
UDP
Send logs to syslog server over UDP (configurable)
The port must match the syslog server.
587
TCP
Send notifications and scheduled reports through SMTP over TCP with STARTTLS encryption
601
TCP
Send logs to a syslog server (configurable)
The port must match the syslog server.
636
UDP
Retrieve user information from LDAP servers (configurable)
3268
TCP
Retrieve user information from LDAP servers
3269
TCP
Retrieve user information from LDAP servers
4343
TCP
Communicate with Smart Protection Server
5275
TCP
Query Web Reputation Services through Smart Protection Server using HTTPS, or Service Gateway Smart Protection Server using HTTPS
6514
TCP
Send logs to a syslog server over TCP with SSL encryption (configurable)
The port must match the syslog server.
8514
UDP
Send information to Deep Discovery Advisor if appliance is integrated with Deep Discovery Advisor (configurable)
The port must match the syslog settings on Deep Discovery Advisor.