Bitdefender GravityZone (Cloud Console) Communication Ports
The following table provides information on the ports used by Bitdefender GravityZone (cloud console) components.
You need to have these ports open and to exclude all addresses mentioned in this table from any gateway security solution or network packet inspection so that GravityZone functions flawlessly.
 |
Note:
It is recommended that you do not use solutions for inspecting or scanning the traffic between endpoints, relays and Bitdefender servers, because they may change the checksum and therefore damage the downloads. |
| Component | Direction | Port | Source / Destination | Description |
| Web Console (Control Center) |
Inbound | 80 (HTTP) | Any | Access to the Control Center web console, redirect to 443 |
| 443 (HTTPS) | Any | Access to the Control Center web console | ||
|
Security Agent (BEST, BEST Legacy, Endpoint Security, Endpoint Security for Mac) |
Outbound | 80 | upgrade.bitdefender.com update.cloud.2d585.cdn.bitdefender.net |
Downloading updates from the online Bitdefender Update Servers (the official repository)
|
| lv2.bitdefender.com | License validation | |||
| 389 (LDAP) | Active Directory Domain Controller |
Integration with Active Directory (only for the endpoint which has the role of Active Directory Integrator)
|
||
| 636 (LDAPS) | ||||
| 3268 | Domain Controller Global Catalog | |||
| 3269 | ||||
| 7074 | ||||
| Relay agent (*) (if available) | Downloading installation packages in the deployment phase from the Relay agent Communication messages received from endpoints linked to the Relay agent |
|||
| 7076 | Bitdefender Global Protective Network: nimbus.bitdefender.net/elam/blob |
Encrypted communication messages (when the Relay agent is used as a proxy) | ||
| 443 | cloud.gravityzone.bitdefender.com cloudgz.gravityzone.bitdefender.com |
Downloading installation packages during deployment (Setup Downloader) | ||
| cloud-ecs.gravityzone.bitdefender.com cloudgz-ecs.gravityzone.bitdefender.com |
Link between the security agents and Communication Server | |||
| nimbus.bitdefender.net/elam/blob | Early Launch Anti-Malware (ELAM) cloud server | |||
| upgrade.bitdefender.com | Downloading updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel | |||
| nimbus.bitdefender.net |
Antimalware, antiphishing and content control scanning with Bitdefender Global Protective Network |
|||
|
eu-lurker-input.gravityzone.bitdefender.com/ |
Traffic between the Security agent and the Incidents server. | |||
|
ingestors-eu.bmdr.bitdefender.com |
Traffic between the Security agent and the managed EDR comunication server. | |||
| Relay agent | Inbound | 7074 | Security agent | Communication messages (such as settings and events) received from endpoints linked to the Relay agent |
| 7076 | Bitdefender Global Protective Network: nimbus.bitdefender.net/elam/blob |
Encrypted communication messages proxied from connected endpoints to Bitdefender Global Protective Network: | ||
| Outbound | 80 | |||
| upgrade.bitdefender.com update.cloud.2d585.cdn.bitdefender.net |
Downloading updates from the online Bitdefender Update Servers (the official repository) |
|||
| lv2.bitdefender.com | License validation | |||
| 389 | Active Directory Domain Controller | Integration with Active Directory (only for the endpoint which has the role of Active Directory Integrator) | ||
| 7074 | ||||
| Relay agent(*) (if available) | Downloading installation packages in the deployment phase from another Relay Agent Communication messages received from endpoints linked to the Relay agent |
|||
| 7076 | Bitdefender Global Protective Network nimbus.bitdefender.net/elam/blob |
Encrypted communication messages received from endpoints linked to the Relay agent | ||
| 443 | cloud.gravityzone.bitdefender.com cloudgz.gravityzone.bitdefender.com |
Downloading installation packages during deployment (Setup Downloader) | ||
| cloud-ecs.gravityzone.bitdefender.com cloudgz-ecs.gravityzone.bitdefender.com |
Link between the Relay agent and Communication Server | |||
| nimbus.bitdefender.net/elam/blob |
|
|||
| upgrade.bitdefender.com | Downloading updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel | |||
| nimbus.bitdefender.net | Antimalware, antiphishing and content control scanning with Bitdefender Global Protective Network | |||
| download.bitdefender.com | Downloading installation packages before deployment from the GravityZone Cloud Control Center | |||
|
eu-lurker-input.gravityzone.bitdefender.com/ |
Traffic between the Relay agent and the Incidents server. | |||
|
ingestors-eu.bmdr.bitdefender.com |
Traffic between the Relay agent and the managed EDR comunication server. | |||
| Security Server (Multi-Platform) | Inbound | 1344 | Any |
Used by Security for Storage protection layer for communication between NAS devices compliant with ICAP and Security Server |
| 6379 | Security Server | Allows traffic between Security Servers for scan cache sharing protocol. | ||
| 7081 | Any | Antimalware traffic scanning sent by the Security Agent | ||
| 7083 | Any | Antimalware traffic scanning sent by the Security Agent over SSL | ||
| Outbound | 443 | nimbus.bitdefender.net | Periodical verification of antimalware detections with Bitdefender Global Protective Network | |
| upgrade.bitdefender.com | Downloading updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel | |||
| *.cdn.bitdefender.net:443 | Downloading updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel | |||
| cloud-ecs.gravityzone.bitdefender.com cloudgz-ecs.gravityzone.bitdefender.com |
Link between Security Server and Communication Server | |||
| download.bitdefender.com | Downloading updates | |||
| 80 |
upgrade.bitdefender.com |
Fallback for downloading updates from the Bitdefender Update Servers (the official repository) |
||
| download.bitdefender.com | Downloading installation kits | |||
| *.cdn.bitdefender.net:80 | Downloading updates from the online Bitdefender Update Servers (the official repository) | |||
| Sandbox Analyzer | Both | 443 | Sandbox Analyzer Portal | Allows communication between the endpoint and the Sandbox Analyzer Portal. Handles file submission to sandbox-portal.gravityzone.bitdefender.com. |
(*) Since the relay is an update server that needs to listen all the time on a port, Bitdefender provides a mechanism able to automatically open a random port on localhost (127.0.0.1), so that the update server can receive proper configuration details. This mechanism applies when the default port 7074 is used by another application. In this case, the update server tries to open the 7075 port to listen on localhost. If 7075 port is also unavailable, the update server will search for another port that is free (in range of 1025 to 65535) and successfully bind to listen on localhost.
Australia:
(+61) 1300 888 829, (+61) 385 956 732
Canada:
(+1) 647 977 5827, (+1) 647 367 1846 
Deutschland:
(+49) 2304 9993004 
España:
(+34) 937 370 223
France:
+33(0)184070660 
New
Zealand: (+64) 0800 451 786 
Osterreich:
(+49) 2304 9993004 
România:
(+40) 21 264 1777, (+40) 374 303 077 
Schweiz:
(+49) 2304 9993004 
United
States: (+1) 954 414 9621, (+1) 954
281 4669 
United
Kingdom: (+44) 2036 080 456, (+44) 2080 991 687 
WorldWide: (+40) 31 620 4235,
(+40) 374 303 035