Ports Used

Deep Security Manager

Vulnerability Protection

Port: 4119 (default)

• Use:
  • Access to Vulnerability ProtectionDeep Security Manager Web console browser interface.
  • Access to Deep Security Manager by an ESXi server to request the Deep Security Filter Driver during the preparation of an ESXi server for Anti-Malware protection.
  • Requests for Security Updates by the Deep Security Virtual Appliance.
• Protocol: TCP
• Initiated By:
  • Web Browser
  • ESXi server
  • Deep Security Virtual Appliance
• Connected To: Vulnerability ProtectionDeep Security Manager
• Proxy: No
• Configuration: This port is configured during the Vulnerability ProtectionDeep Security Manager installation process.

Port: 4120 (default)

• Use: Agent/Appliance-initiated communication with the Manager. The Agent/Appliance sends Events to the Manager, and the Manager sends Configuration Updates.
• Protocol: TCP
• Initiated By: Agent/Appliance
• Connected To: Vulnerability ProtectionDeep Security Manager
• Proxy: No
• Configuration: This port is configured during the Vulnerability ProtectionDeep Security Manager installation process.

Agent/Appliance

Port: 4118

• Use: Manager-to-Agent/Appliance communication.
• Protocol: TCP
• Initiated By: Vulnerability ProtectionDeep Security Manager
• Connected To: Agent/Appliance
• Proxy: No
• Configuration: This port is not configurable. (Contact your support provider if this port assignment is problematic.)

Relay

Port: 4122

• Use: Agent-to-Relay communication
• Protocol: TCP
• Initiated By: Relays and Agents
• Connected To: Vulnerability ProtectionDeep Security Relay
• Proxy: No
• Configuration: This port is configured during the Vulnerability ProtectionDeep Security Manager installation process.

Port: 4123

• Use: Internal Relay communication
• Protocol: TCP
• Initiated By: Relay (internally to localhost)
• Connected To:Vulnerability Protection Deep Security Relay
• Proxy: No
• Configuration: This port is not configurable and is invisible to outside machines.

SQL Server Database Server

Port: 1433, 1434

• Use: Manager-to-database communication (required to connect the database to the Vulnerability ProtectionDeep Security Manager)
• Protocol: TCP for 1433, UDP for 1434
• Initiated By: Vulnerability ProtectionDeep Security Manager
• Connected To: SQL database server
• Proxy: No
• Configuration: This port is configured during the Vulnerability ProtectionDeep Security Manager installation process.

Oracle Database Server

Port: 1521

• Use: Manager-to-database communication (required for SQL if you are using Oracle)
• Protocol: TCP
• Initiated By: Vulnerability ProtectionDeep Security Manager
• Connected To: Oracle database server
• Proxy: No
• Configuration: This port is configured during the Vulnerability ProtectionDeep Security Manager installation process.

Syslog Facility

Port: 514 (default)

• Use: Syslog
• Protocol: UDP
• Initiated By: Agent/Appliance
• Connected To: Syslog facility
• Proxy: No
• Configuration: This port can be configured in Administration > System Settings > SIEM.

SMTP Server

Port: 25 (default)

• Use: E-mail Alerts
• Protocol: TCP
• Initiated By: Vulnerability ProtectionDeep Security Manager
• Connected To: Specified SMTP server
• Proxy: No
• Configuration: This port can be configured in Administration > System Settings > SMTP.

Trend Micro Update Server

Port: 80

• Use: Connection to Trend Micro Update Server
• Protocol: HTTP and SOCKS
• Initiated By: Vulnerability ProtectionDeep Security Manager
• Connected To: Trend Micro Update Server
• Proxy: Yes (optional)
• Configuration: The proxy address and port can be configured in Administration > System Settings > Proxies.

DNS Server

Port: 53

• Use: DNS lookup for hostnames
• Protocol: TCP
• Initiated by: Vulnerability ProtectionDeep Security Manager
• Connected to: DNS server
• Proxy: No
• Configuration: No configuration required.