GravityZone (on-premises) communication ports
GravityZone is a distributed solution, meaning that its components communicate with each other through the use of the local network or the Internet. Each component uses a series of ports to communicate with the others.
Note
For the GravityZone (cloud) communication ports, refer to this section.
This section describes the communication ports used by the GravityZone components when the security solution is installed on the premises of your company.
You need to have these ports open and exclude all addresses mentioned in this table from any gateway security solution or network packet inspection so that GravityZone functions flawlessly.
Web Console Control Center
Inbound
Port | Source / Destination | Purpose |
80 (HTTP) | Any | Access to the Control Center web console, redirect to 443. |
443 (HTTPS) | Any | Access to the Control Center web console. |
Outbound
Port | Source / Destination | Purpose |
27017 | GravityZone database server | Access to the GravityZone database server. |
123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
389 (LDAP) | Active Directory Domain Controller | The Active Directory integration |
636 (LDAPS) | ||
3268 | Domain Controller Global Catalog | |
3269 | ||
443 | NSX Manager | The VMware NSX Manager integration |
vCenter Server | Communication between GravityZone and the vCenter Server | |
lv2.bitdefender.com connect.nimbus.bitdefender.net | License validation | |
7074 | GravityZone Update Server | These ports are used for downloading updates. |
7075 | ||
443 | Sandbox Analyzer Portal:
| These addresses are used for Manual submission directly from the GravityZone console and to secure connections through regular exchanges of authentication tokens. |
Custom | Syslog | Communication with Syslog/SIEM servers over syslog protocol. The usual Syslog communication destination ports are UDP 514 and TCP 1468. However, you should check the exact ports with your Syslog/SIEM vendor. GravityZone supports custom ports for Syslog on both UDP and TCP. |
Inbound and outbound
Port | Source / Destination | Purpose |
22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster. |
4369, 5672, 6150 | GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster |
32002 | Web console | Communication between Web Console instances when this role is distributed |
Communication server
Inbound
Port | Source / Destination | Purpose |
8443 | Any | Traffic management from/to Security Server, Security Agent, Mobile Client. |
8080 | Windows XP / Windows Server 2003 | Communication with the GravityZone appliance for normal and silent deployment. |
Outbound
Port | Source / Destination | Purpose |
123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
27017 | GravityZone Database Server | Access to the GravityZone Database. |
5228, 5229, 5230 | Firebase Cloud Messaging | Push notifications to Android devices. |
2195, 2196, 5223 | Apple Push Notification service | Push notifications to iOS devices. For more information, refer to this Apple KB article. |
7074 | GravityZone Update Server | Downloading updates from the local Update Server. |
7075 |
Inbound and outbound
Port | Source / Destination | Purpose |
22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster. |
4369, 5672, 6150 | GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster. |
Database server
Inbound
Port | Source / Destination | Purpose |
27017 | GravityZone Database Server | Access to other GravityZone database instances and replica set members. |
Outbound
Port | Source / Destination | Purpose |
7074 | Update Server | These ports are used for downloading updates. |
7075 | ||
123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Inbound and outbound
Port | Source / Destination | Purpose |
22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster. |
Update server
Outbound
Port | Source / Destination | Purpose |
443 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Publishing updates. |
download.bitdefender.com | Downloading updates. | |
*.nimbus.bitdefender.net Or you can exclude instead all the addresses below:
| Antimalware, antiphishing and content control scanning with Bitdefender Cloud Servers. | |
kdn.bitdefender.net | Submitting crash reports and suspicious files for analysis. |
Inbound and outbound
Port | Source / Destination | Purpose |
22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster. |
7074 | GravityZone Update Server | Downloading updates. |
7075 | Outside proxy servers (if configured)
| Handles communication between GravityZone services and the outside world. Ports used to allow communication between Control Center and Communication Server. |
7077 | Any | Staging Update Server communication. |
Report Builder Database
Inbound
Port | Source / Destination | Purpose |
27017 | Report Builder Processors | Listening for requests. |
Outbound
Port | Source / Destination | Purpose |
123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
7074 | GravityZone Update Server | Downloading updates. |
7075 |
Inbound and outbound
Port | Source / Destination | Purpose |
22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster. |
Report Builder Processors
Inbound
Port | Source / Destination | Purpose |
6379 | Communication server | Listening for requests. |
Outbound
Port | Source / Destination | Purpose |
27017 | GravityZone Report Builder Database | Access to the Report Builder Database. |
123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Inbound and outbound
Port | Source / Destination | Purpose |
80 | Web Console | Access to Web Console, redirect HTTP request to port 443. Listening for requests. |
443 | Web Console | Access to Web Console. Listening for requests. |
22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster. |
Incidents Server
Inbound
Port | Source / Destination | Purpose |
8444 | Security Agent | Traffic between the Security agent and the Incidents server. |
Relay Agent | Traffic between the Relay agent and the Incidents server. |
Outbound
Port | Source / Destination | Purpose |
27017 | GravityZone Database Server | Access to the GravityZone Database. |
7074 | GravityZone Update Server | Downloading updates from the local Update Server |
7075 | ||
123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Inbound and outbound
Port | Source / Destination | Purpose |
4369, 5672, 6150 | GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster. |
22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster. |
Security Agent (BEST, BEST Legacy, Endpoint Security)
Inbound
Port | Source / Destination | Purpose |
135 (RPC) | Any | Deployment through Relay. |
137, 138, 139 (NetBIOS) | Any | Deployment through Relay. |
Outbound
Port | Source / Destination | Purpose |
80 | upgrade.bitdefender.com *.cdn.bitdefender.net:80 | Downloading updates from the online Bitdefender Update Servers (the official repository). |
lv2.bitdefender.com | License validation. | |
7074 | GravityZone Update Server | Downloading updates from GravityZone Update Server. |
Relay (if available) | Downloading installation packages in the deployment phase from the Relay. Communication messages received from endpoints linked to the Relay. | |
7076 | Bitdefender Global Protective Network: *.nimbus.bitdefender.net Or you can exclude instead all the addresses below:
| Encrypted communication messages (when the Relay is used as a proxy). |
8080, 8443 | Communication Server | Link between the Security Agent and Communication Server. Downloading installation packages during deployment (Setup Downloader). |
8444 | Incidents Server | EDR traffic sent by Security Agent. |
443 | Web Server | Downloading installation packages during deployment (Setup Downloader). |
Sandbox Analyzer Portal:
| Communication between the feeding sensor and the virtual machines from the Sandbox Analyzer Cluster on which the sample is detonated. | |
*.nimbus.bitdefender.net Or you can exclude instead all the addresses below:
| Antimalware, antiphishing and content control scanning with Bitdefender Global Protective Network. | |
kdn.bitdefender.net | Submitting crash reports and suspicious files for analysis. | |
7081 | Security Server | Antimalware scanning with Security Server. |
7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption. |
22, 445 (SSH & SMB) | Any | Detects computers in the local network. |
53 (DNS) | DNS Server | Internal use for DNS queries. |
88 (Kerberos) | Active Directory Domain Controller | Active Directory integration for Linux endpoints. |
389, 636 (LDAP & LDAPS) | Active Directory Domain Controller | Active Directory integration. |
Relay agent
Inbound
Port | Source / Destination | Purpose |
7074 | Security Agent | Communication messages (such as settings and events) received from endpoints linked to the Relay. |
7076 | Security Agent | Encrypted communication messages proxied from connected endpoints to Bitdefender Global Protective Network: nimbus.bitdefender.net |
Outbound
Port | Source / Destination | Purpose |
80 | upgrade.bitdefender.com *.cdn.bitdefender.net:80 | Downloading updates from the online Bitdefender Update Servers (the official repository). |
lv2.bitdefender.com | License validation. | |
7074 | Update Server | Downloading updates from the GravityZone Update Server. |
Relay* (if available) | Downloading installation packages in the deployment phase from another Relay. Communication messages received from endpoints linked to the Relay. | |
7076 | Bitdefender Global Protective Network: *.nimbus.bitdefender.net Or you can exclude instead all the addresses below:
| Encrypted communication messages received from endpoints linked to the Relay Agent. |
7081 | Security Server | Antimalware scanning with Security Server. |
7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption |
8080, 8443 | Communication Server | Link between the Relay Agent and Communication Server. Downloading installation packages during deployment (Setup Downloader). |
443 | Web Server | Downloading installation packages during deployment (Setup Downloader). |
*.nimbus.bitdefender.net Or you can exclude instead all the addresses below:
| Antimalware, antiphishing and content control scanning with Bitdefender Global Protective Network. | |
kdn.bitdefender.net | Submitting crash reports and suspicious files for analysis. |
Security Server (VMware NSX)
Inbound
Port | Source / Destination | Purpose |
48652 | Guest Introspection driver | Communication between the hypervisor and Security Server. |
6379 | Security Server | Allows traffic between Security Servers. |
22 | SSH Server | Allows remote SSH connections and file downloading from the Security Server quarantine. |
Outbound
Port | Source / Destination | Purpose |
7074 | Update Server | Downloading updates from the Update Server. |
80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Fallback for downloading updates from the Bitdefender Update Servers (the official Bitdefender repository). |
8443 | Communication Server | Link between Security Server and Communication Server. |
6379 | Security Server | Allows traffic between Security Servers. |
Bitdefender Tools (Multi-Platform)
Outbound
Port | Source / Destination | Purpose |
7081 | Security Server | Antimalware scanning with Security Server. |
7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption |
8443 | Communication Server | Communication between Bitdefender Tools and Communication Server. |
7074 | Update Server | Downloading updates. |
443 | Web Server | Downloading installation packages during deployment (Setup Downloader). |
80 | *.nimbus.bitdefender.net Or you can exclude instead all the addresses below:
| Antimalware scanning with Bitdefender Global Protective Network. |
Security Server (Multi-Platform)
Inbound
Port | Source / Destination | Purpose |
1344 | Any | Communication between NAS devices compliant with ICAP and Security Server. |
7081 | Any | Antimalware traffic scanning sent by Security Agent. |
7083 | Any | Antimalware traffic scanning sent by Security Agent over SSL. |
6379 | Security Server | Allows traffic between Security Servers. |
Outbound
Port | Source / Destination | Purpose |
443 | *.nimbus.bitdefender.net Or you can exclude instead all the addresses below:
| Periodical verification of antimalware detections with Bitdefender Global Protective Network. |
7074 | Update Server | Downloading updates from GravityZone Update Server. |
8443 | Communication Server | Link between the Security Server and Communication Server. |
80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Fallback for downloading updates from the Bitdefender Update Servers (the official Bitdefender repository). |
Network Sensor VA
Outbound
Port | Source / Destination | Purpose |
443 | Sandbox Analyzer Portal: sandbox-portal.gravityzone.bitdefender.com | Communication between the feeding sensor and the virtual machines on which the sample is detonated. |
GravityZone Mobile Client
Outbound
Port | Source / Destination | Purpose |
8443 | Communication Server | Mobile Client management. |
443 | *.nimbus.bitdefender.net Or you can exclude instead all the addresses below:
| Antimalware and web security scanning with Bitdefender Global Protective Network (Android devices only). |
Network Attack Defense
Inbound and outbound
Port | Source / Destination | Purpose |
8887 TCP | Any | Opened with BEST for Linux to enableNetwork Attack Defense. If port 8887 is used by another application or blocked by a firewall, Network Attack Defense will not receive traffic. |
*Since the relay is an update server that needs to listen all the time on a port, Bitdefender provides a mechanism able to automatically open a random port on localhost (127.0.0.1), so that the update server can receive proper configuration details. The update server tries to open the 7075 port to listen on localhost. If 7075 port is unavailable, the update server will search for another port that is free (in the range of 1025 to 65535) and successfully bind to listen on localhost.
Port 7074 must be open for deployment through Bitdefender Endpoint Security Tools Relay to work.
If you are using role balancers in your environment, make sure to allow all traffic between endpoints and role balancer and between role balancer and other roles on ports 80, 443, 8080, 8443, 27017, and 8444.