Skip to main content

GravityZone (on-premises) communication ports

GravityZone is a distributed solution, meaning that its components communicate with each other through the use of the local network or the Internet. Each component uses a series of ports to communicate with the others.

Note

For the GravityZone (cloud) communication ports, refer to this section.

This section describes the communication ports used by the GravityZone components when the security solution is installed on the premises of your company.

You need to have these ports open and exclude all addresses mentioned in this table from any gateway security solution or network packet inspection so that GravityZone functions flawlessly.

Web Console

Inbound

Port

Source / Destination

Purpose

80 (HTTP)

Any

Access to the Control Center web console, redirecting to 443

443 (HTTPS)

Any

Access to the Control Center web console

Outbound

Port

Source / Destination

Purpose

27017

GravityZone database server

Access to the GravityZone database server

123

Network Time Protocol (NTP) server

Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface.

389 (LDAP)

Active Directory Domain Controller

The Active Directory integration

636 (LDAPS)

3268

Domain Controller Global Catalog

3269

443

NSX Manager

The VMware NSX Manager integration

vCenter Server

Communication between GravityZone and the vCenter Server

lv2.bitdefender.com
connect.nimbus.bitdefender.net

License validation

7074

GravityZone Update Server

Downloading updates

7075

443

Sandbox Analyzer Portal:

sandbox-portal.gravityzone.bitdefender.com
sandbox-portal-us.gravityzone.bitdefender.com

Manual submission directly from the GravityZone console and securing connections through regular exchanges of authentication tokens

Custom

Syslog

Communication with Syslog/SIEM servers over Syslog protocol. The usual Syslog communication destination ports are UDP 514 and TCP 1468. However, you should check the exact ports with your Syslog/SIEM vendor. GravityZone supports custom ports for Syslog on both UDP and TCP.

Inbound and outbound

Port

Source / Destination

Purpose

22

GravityZone virtual appliances

Internal communication between GravityZone virtual appliances in the management cluster

4369, 5672, 6150

GravityZone virtual appliances

RabbitMQ communication between the GravityZone appliances in the management cluster

32002

Web Console

Communication between Web Console instances when this role is distributed

Endpoint Communication Server

Note

The Endpoint Events Processing Server role does not require any ports opened for communication.

Inbound

Port

Source / Destination

Purpose

8443

Any

Traffic management from/to Security Server, Security Agent, Mobile Client

8080

Windows XP / Windows Server 2003

Communication with the GravityZone appliance for normal and silent deployment

Outbound

Port

Source / Destination

Purpose

123

Network Time Protocol (NTP) server

Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface.

27017

GravityZone Database Server

Access to the GravityZone Database

5228, 5229, 5230

Firebase Cloud Messaging

Pushing notifications to Android devices

2195, 2196, 5223

Apple Push Notification service

Pushing notifications to iOS devices. For more information, refer to this Apple KB article.

7074

GravityZone Update Server

Downloading updates from the local Update Server

7075

Inbound and outbound

Port

Source / Destination

Purpose

22

GravityZone virtual appliances

Internal communication between GravityZone virtual appliances in the management cluster

4369, 5672, 6150

GravityZone virtual appliances

RabbitMQ communication between the GravityZone appliances in the management cluster.

Database Server

Inbound

Port

Source / Destination

Purpose

27017

GravityZone Database Server

Access to other GravityZone database instances and replica set members

Outbound

Port

Source / Destination

Purpose

7074

Update Server

Downloading updates

7075

123

Network Time Protocol (NTP) server

Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface.

Inbound and outbound

Port

Source / Destination

Purpose

22

GravityZone virtual appliances

Internal communication between GravityZone virtual appliances in the management cluster

Update Server

Outbound

Port

Source / Destination

Purpose

443

upgrade.bitdefender.com
update-onprem.2d585.cdn.bitdefender.net

Publishing updates

download.bitdefender.com

Downloading updates

*.nimbus.bitdefender.net

Or you can exclude instead all the addresses below:

nimbus.bitdefender.net
mclb-gcp.nimbus.bitdefender.net
eu.nimbus.bitdefender.net
us.nimbus.bitdefender.net
elb-fra-gcp.nimbus.bitdefender.net
elb-lon-gcp.nimbus.bitdefender.net
elb-nvi-gcp.nimbus.bitdefender.net
elb-ore-gcp.nimbus.bitdefender.net
elb-iow-gcp.nimbus.bitdefender.net
elb-tky-gcp.nimbus.bitdefender.net

Antimalware, anti-phishing, and content control scanning with Bitdefender Cloud Servers

Inbound and outbound

Port

Source / Destination

Purpose

22

GravityZone virtual appliances

Internal communication between GravityZone virtual appliances in the management cluster

7074

GravityZone Update Server

Downloading updates

7075

Outside proxy servers (if configured):

download.bitdefender.com
upgrade.bitdefender.com
update-onprem.2d585.cdn.bitdefender.net
lv2.bitdefender.com

Handling communication between GravityZone services and the outside world

Allowing communication between Control Center and Endpoint Communication Server

7077

Any

Staging Update Server communication

Report Builder Database

Inbound

Port

Source / Destination

Purpose

27017

Report Builder Processors

Listening for requests

Outbound

Port

Source / Destination

Purpose

123

Network Time Protocol (NTP) server

Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface.

7074

GravityZone Update Server

Downloading updates

7075

Inbound and outbound

Port

Source / Destination

Purpose

22

SSH Server

Internal communication between GravityZone virtual appliances in the management cluster

Report Builder Processors

Inbound

Port

Source / Destination

Purpose

6379

Endpoint Communication Server

Listening for requests

Outbound

Port

Source / Destination

Purpose

27017

GravityZone Report Builder Database

Access to the Report Builder Database

123

Network Time Protocol (NTP) server

Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface.

Inbound and outbound

Port

Source / Destination

Purpose

80

Web Console

Access to Web Console, redirecting HTTP request to port 443

Listening for requests

443

Web Console

Access to Web Console

Listening for requests

22

SSH Server

Internal communication between GravityZone virtual appliances in the management cluster.

Incidents Server

Inbound

Port

Source / Destination

Purpose

8444

Security Agent

Traffic between the Security Agent and the Incidents server

Relay Agent

Traffic between the Relay Agent and the Incidents server

Outbound

Port

Source / Destination

Purpose

27017

GravityZone Database Server

Access to the GravityZone Database

7074

GravityZone Update Server

Downloading updates from the local Update Server

7075

123

Network Time Protocol (NTP) server

Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface.

Inbound and outbound

Port

Source / Destination

Purpose

4369, 5672, 6150

GravityZone virtual appliances

RabbitMQ communication between the GravityZone appliances in the management cluster

22

SSH Server

Internal communication between GravityZone virtual appliances in the management cluster

Security Agent (BEST)

Inbound

Port

Source / Destination

Purpose

135 (RPC)

Any

Deployment through Relay

137, 138, 139 (NetBIOS)

Any

Deployment through Relay

Outbound

Port

Source / Destination

Purpose

80

update-onprem.2d585.cdn.bitdefender.net
upgrade.bitdefender.com
*.cdn.bitdefender.net:80

Downloading updates from the online Bitdefender Update Servers (the official repository)

lv2.bitdefender.com

License validation

7074

GravityZone Update Server

Downloading updates from GravityZone Update Server

Relay (if available)

Downloading installation packages in the deployment phase from the Relay

Communication messages received from endpoints linked to the Relay

7076

Bitdefender Global Protective Network:

*.nimbus.bitdefender.net

Or you can exclude instead all the addresses below:

nimbus.bitdefender.net
mclb-gcp.nimbus.bitdefender.net
eu.nimbus.bitdefender.net
us.nimbus.bitdefender.net
elb-fra-gcp.nimbus.bitdefender.net
elb-lon-gcp.nimbus.bitdefender.net
elb-nvi-gcp.nimbus.bitdefender.net
elb-ore-gcp.nimbus.bitdefender.net
elb-iow-gcp.nimbus.bitdefender.net
elb-tky-gcp.nimbus.bitdefender.net

Encrypted communication messages (when the Relay is used as a proxy)

8080, 8443

Endpoint Communication Server

Link between the Security Agent and Endpoint Communication Server

Downloading installation packages during deployment (Setup Downloader)

8444

Incidents Server

EDR traffic sent by Security Agent

443

Web Server

Downloading installation packages during deployment (Setup Downloader)

Sandbox Analyzer Portal:

sandbox-portal.gravityzone.bitdefender.com
sandbox-portal-us.gravityzone.bitdefender.com

Communication between the feeding sensor and the virtual machines from the Sandbox Analyzer Cluster on which the sample is detonated

*.nimbus.bitdefender.net

Or you can exclude instead all the addresses below:

nimbus.bitdefender.net
mclb-gcp.nimbus.bitdefender.net
eu.nimbus.bitdefender.net
us.nimbus.bitdefender.net
elb-fra-gcp.nimbus.bitdefender.net
elb-lon-gcp.nimbus.bitdefender.net
elb-nvi-gcp.nimbus.bitdefender.net
elb-ore-gcp.nimbus.bitdefender.net
elb-iow-gcp.nimbus.bitdefender.net
elb-tky-gcp.nimbus.bitdefender.net

Antimalware, anti-phishing, and content control scanning with Bitdefender Global Protective Network

update-onprem.2d585.cdn.bitdefender.net

Downloading signature and product updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel.

download.bitdefender.com

(Linux only)

Downloading product updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel.

7081

Security Server

Antimalware scanning with Security Server

7083

Security Server

Antimalware scanning with Security Server when using SSL traffic encryption

22, 445 (SSH & SMB)

Any

Detecting computers in the local network

53 (DNS)

DNS Server

Internal use for DNS queries

88 (Kerberos)

Active Directory Domain Controller

Active Directory integration for Linux endpoints

389, 636 (LDAP & LDAPS)

Active Directory Domain Controller

Active Directory integration

Relay agent

Inbound

Port

Source / Destination

Purpose

7074

Security Agent

Communication messages (such as settings and events) received from endpoints linked to the Relay.

Used for product and security content updates.

7076

Security Agent

Encrypted communication messages proxied from connected endpoints to Bitdefender Global Protective Network:

nimbus.bitdefender.net

Outbound

Port

Source / Destination

Purpose

80

upgrade.bitdefender.com
*.cdn.bitdefender.net:80

Downloading updates from the online Bitdefender Update Servers (the official repository)

lv2.bitdefender.com

License validation

7074

Update Server

Downloading updates from the GravityZone Update Server

Relay* (if available)

Downloading installation packages in the deployment phase from another Relay

Communication messages received from endpoints linked to the Relay

7076

Bitdefender Global Protective Network:

*.nimbus.bitdefender.net

Or you can exclude instead all the addresses below:

nimbus.bitdefender.net
mclb-gcp.nimbus.bitdefender.net
eu.nimbus.bitdefender.net
us.nimbus.bitdefender.net
elb-fra-gcp.nimbus.bitdefender.net
elb-lon-gcp.nimbus.bitdefender.net
elb-nvi-gcp.nimbus.bitdefender.net
elb-ore-gcp.nimbus.bitdefender.net
elb-iow-gcp.nimbus.bitdefender.net
elb-tky-gcp.nimbus.bitdefender.net

Encrypted communication messages received from endpoints linked to the Relay Agent

7081

Security Server

Antimalware scanning with Security Server

7083

Security Server

Antimalware scanning with Security Server when using SSL traffic encryption

8080, 8443

Endpoint Communication Server

Link between the Relay Agent and Endpoint Communication Server

Downloading installation packages during deployment (Setup Downloader)

443

Web Server

Downloading installation packages during deployment (Setup Downloader)

*.nimbus.bitdefender.net

Or you can exclude instead all the addresses below:

nimbus.bitdefender.net
mclb-gcp.nimbus.bitdefender.net
eu.nimbus.bitdefender.net
us.nimbus.bitdefender.net
elb-fra-gcp.nimbus.bitdefender.net
elb-lon-gcp.nimbus.bitdefender.net
elb-nvi-gcp.nimbus.bitdefender.net
elb-ore-gcp.nimbus.bitdefender.net
elb-iow-gcp.nimbus.bitdefender.net
elb-tky-gcp.nimbus.bitdefender.net

Antimalware, anti-phishing, and content control scanning with Bitdefender Global Protective Network

Security Server (VMware NSX)

Inbound

Port

Source / Destination

Purpose

48652

Guest Introspection driver

Communication between the hypervisor and Security Server

6379

Security Server

Allowing traffic between Security Servers

22

SSH Server

Allowing remote SSH connections and file downloading from the Security Server quarantine

Outbound

Port

Source / Destination

Purpose

7074

Update Server

Downloading updates from the Update Server

80

upgrade.bitdefender.com

update-onprem.2d585.cdn.bitdefender.net

Fallback for downloading updates from the Bitdefender Update Servers (the official Bitdefender repository)

8443

Endpoint Communication Server

Link between Security Server and Endpoint Communication Server

6379

Security Server

Allowing traffic between Security Servers

Security Server (Multi-Platform)

Inbound

Port

Source / Destination

Purpose

1344

Any

Communication between NAS devices compliant with ICAP and Security Server

7081

Any

Antimalware traffic scanning sent by Security Agent

7083

Any

Antimalware traffic scanning sent by Security Agent over SSL

6379

Security Server

Allowing traffic between Security Servers

Outbound

Port

Source / Destination

Purpose

443

*.nimbus.bitdefender.net

Or you can exclude instead all the addresses below:

nimbus.bitdefender.net
mclb-gcp.nimbus.bitdefender.net
eu.nimbus.bitdefender.net
us.nimbus.bitdefender.net
elb-fra-gcp.nimbus.bitdefender.net
elb-lon-gcp.nimbus.bitdefender.net
elb-nvi-gcp.nimbus.bitdefender.net
elb-ore-gcp.nimbus.bitdefender.net
elb-iow-gcp.nimbus.bitdefender.net
elb-tky-gcp.nimbus.bitdefender.net

Periodical verification of antimalware detections with Bitdefender Global Protective Network

7074

Update Server

Downloading updates from GravityZone Update Server

8443

Endpoint Communication Server

Link between the Security Server and Endpoint Communication Server

80

upgrade.bitdefender.com
update-onprem.2d585.cdn.bitdefender.net

Fallback for downloading updates from the Bitdefender Update Servers (the official Bitdefender repository)

GravityZone Mobile Client

Outbound

Port

Source / Destination

Purpose

8443

Endpoint Communication Server

Mobile Client management

443

*.nimbus.bitdefender.net

Or you can exclude instead all the addresses below:

nimbus.bitdefender.net
mclb-gcp.nimbus.bitdefender.net
eu.nimbus.bitdefender.net
us.nimbus.bitdefender.net
elb-fra-gcp.nimbus.bitdefender.net
elb-lon-gcp.nimbus.bitdefender.net
elb-nvi-gcp.nimbus.bitdefender.net
elb-ore-gcp.nimbus.bitdefender.net
elb-iow-gcp.nimbus.bitdefender.net
elb-tky-gcp.nimbus.bitdefender.net

Antimalware and web security scanning with Bitdefender Global Protective Network (Android devices only)

Network Attack Defense

Inbound and outbound

Port

Source / Destination

Purpose

8887 TCP

Any

Opened with BEST for Linux to enableNetwork Attack Defense

If port 8887 is used by another application or blocked by a firewall, Network Attack Defense will not receive traffic.

*Since the relay is an update server that needs to listen all the time on a port, Bitdefender provides a mechanism able to automatically open a random port on localhost (127.0.0.1) so that the update server can receive proper configuration details. The update server tries to open the 7075 port to listen on localhost. If 7075 port is unavailable, the update server will search for another port that is free (in the range of 1025 to 65535) and successfully bind to listen on localhost.

Port 7074 must be open for deployment through Bitdefender Endpoint Security Tools Relay to work.

If you are using role balancers in your environment, make sure to allow all traffic between endpoints and role balancer and between role balancer and other roles on ports 80, 443, 8080, 8443, 27017, and 8444.