Download Servers and Open Ports Needed for Updating Secure Web Gateway
Secure Web Gateway needs to access several download servers to retrieve files with updated information used for filtering web traffic and maintaining the appliance system. If you are running a firewall in your configuration, particular ports must be open to allow communication with the download servers.
The data that is retrieved from the download servers includes:
- Categories and reputation scores for URL filtering with Trusted Source
- Signatures for the anti-malware filtering engines
- Signatures for Application Control
- Data Loss Protection (DLP) information
- New product versions
- Operating system upgrades
The following sections provide more information about the download servers that Secure Web Gateway needs to access and the ports that must be open to allow communication through a firewall.
Download Servers
The download server infrastructure for Secure Web Gateway is a worldwide cluster with multiple servers. This ensures that there is normally a download server available for Secure Web Gateway to retrieve updated information from.
The table below shows the host names and IP addresses of the download servers that Secure Web Gateway should be able to connect to.
NOTE: The IP addresses of the download servers are subject to change.
Host name | IP address or addresses |
---|---|
tau.skyhigh.cloud | 3.65.5.152 |
appliance.webwasher.com | 18.213.21.111 (US) |
appliance1.webwasher.com | 18.194.36.155 (Germany) |
appliance2.webwasher.com | 54.150.20.119 (Japan) |
cdn.tau.skyhigh.cloud | multiple IP addresses (Content Delivery Network) |
europe.tau.skyhigh.cloud | 18.170.148.17 (AWS, Europe) |
usa.tau.skyhigh.cloud | 3.18.80.243 (AWS, US) |
asia.tau.skyhigh.cloud | 13.213.162.227 (AWS, APAC) |
Open Ports
The table below shows the ports that should be open to allow communication through a firewall. Only default ports are included, but you can configure additional ports. Depending on your configuration, not all of the listed inbound ports need to be open.
The meaning of the terms in the Direction column is as follows:
- Inbound — Remote system initiates connection
- Outbound — Local system initiates connection
- Bidirectional — Connection can be initiated from either side
Port | Direction | Transport protocol | Application protocol | Destination | Use | Note |
---|---|---|---|---|---|---|
22 | Inbound | TCP | SSH | Local | Secure shell for the administrator | |
161 | Inbound | TCP/UDP | SNMP | Local | SNMP | |
1080 | Inbound | TCP | SOCKS | Local | SOCKS proxy | |
1344 | Inbound | TCP | ICAP | Local | ICAP | |
2000 - 20000 | Inbound | TCP | FTP | Local | Passive FTP data connection | From FTP client to Secure Web Gateway |
2121 | Inbound | TCP | FTP | Local | FTP control port | |
4005 | Inbound | TCP | IFP | Local | IFP | |
4711 | Inbound | TCP | HTTP | Local | User interface for the administrator | Also REST if enabled |
4712 | Inbound | TCP | HTTPS | Local | User interface for the administrator | Also REST if enabled |
4713 | Inbound | TCP | HTTP | Local | File server | |
4714 | Inbound | TCP | HTTPS | Local | File server | |
5050 | Inbound | TCP | Yahoo | Local | Yahoo proxy | |
5190 | Inbound | TCP | ICQ | Local | ICQ proxy | |
5222 | Inbound | TCP | XMPP | Local | XMPP (Jabber) proxy | |
9090 | Inbound | TCP | HTTP | Local | HTTP(S) proxy | |
9393 | Inbound | TCP | HTTPS | Local | Intel Active System Console | |
16000 - 17000 | Inbound | UDP | | Local | SOCKS UDP relay | |
20001 - 40000 | Inbound | TCP | FTP | Local | Active FTP data connection | From FTP server to Secure Web Gateway |
520 | Bidirectional | UDP | RIP | Your RIP routers | IP routing | |
12346 | Bidirectional | TCP | Proprietary | Your Secure Web Gateway appliances | Secure Web Gateway cluster communication | |
| Bidirectional | IP | GRE | Your Secure Web Gateway appliances or WCCP routers | WCCP and traffic tunneling between Secure Web Gateway nodes | |
| Bidirectional | IP | OSPF | Your OSPF routers | IP routing | |
| Bidirectional | IP | VRRP | Your Secure Web Gateway appliances | VIP failover | |
| Bidirectional | IP | Proprietary | Your Secure Web Gateway appliances | Network driver cluster communication | |
21 | Outbound | TCP | FTP | Arbitrary FTP servers | File transfer protocol | Active and passive |
25 | Outbound | TCP | SMTP | Your email server | Email notifications | |
53 | Outbound | TCP/UDP | DNS | Your DNS server | Domain Name System | |
443 | Outbound | TCP | HTTPS | Your Secure Web Gateway appliances | System update | |
80, 443 | Outbound | TCP | HTTP(S) | Arbitrary HTTP(S) servers | HTTP(S) user traffic | Other ports depending on configuration |
80, 443 | Outbound | TCP | HTTP(S) | Update servers, CRL download servers, OCSP requests, telemetry | Centralized updater | |
80, 443 | Outbound | TCP | HTTP(S) | Your customer-maintained subscribed list servers | Subscribed lists manager | |
80, 443 | Outbound | TCP | HTTP(S) | Your scheduled job servers (upload, download) | Scheduled jobs manager | |
123 | Outbound | TCP/UDP | NTP | Your NTP servers | Time synchronization | |
162 | Outbound | TCP/UDP | SNMP | Your SNMP trap sink | SNMP traps | |
389 | Outbound | TCP | LDAP | Your directory servers | Directory service or Active Directory | |
443 | Outbound | TCP | HTTPS | Your Trusted Source server | GTI cloud lookups (reputation, categories, geolocation, file reputation) | |
443 | Outbound | TCP | HTTPS | Your Trusted Source server | GTI telemetry (malicious URL feedback) | |
445 | Outbound | TCP | SMB | Your NTLM server | NTLM authentication | |
514 | Outbound | TCP/UDP | syslog | Your syslog servers | syslog | |
636 | Outbound | TCP | LDAP | Your directory servers | Secure directory or Active Directory | |
1344 | Outbound | TCP | ICAP | Your ICAP servers | ICAP | |
2020 (Source) | Outbound | TCP | FTP | Local | Active FTP data connection | From Secure Web Gateway to FTP client |
8883 | Outbound | TCP | DXL | Connection to the DXL broker | Communication between Secure Web Gateway and DXL broker installed on ePO | |
Your proxy ports | Outbound | TCP | HTTP | Your parent proxies | HTTP proxy | For user traffic and several internal connections, configured individually |
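The port table above is the source of truth for the egress policy on the firewall in front of the appliance. As an added example (not part of this documentation or of the product), the script below parses rows in the table's own pipe-separated layout, handles port ranges and comma-separated port lists, skips site-specific entries such as "Your proxy ports" that must be filled in by hand, and emits nftables rules for the outbound rows; the table name `swg` and chain name `output` are assumptions.

```python
import re

# A few rows copied from the page's table (constructed sample input for this example).
SAMPLE_ROWS = """\
22 | Inbound | TCP | SSH | Local | Secure shell for the administrator | |
53 | Outbound | TCP/UDP | DNS | Your DNS server | Domain Name System | |
80, 443 | Outbound | TCP | HTTP(S) | Update servers, CRL download servers, OCSP requests, telemetry | Centralized updater | |
20001 - 40000 | Inbound | TCP | FTP | Local | Active FTP data connection | From FTP server to Secure Web Gateway |
Your proxy ports | Outbound | TCP | HTTP | Your parent proxies | HTTP proxy | Configured individually |
"""


def parse_ports(cell):
    """'80, 443' -> ['80', '443']; '2000 - 20000' (or with an en dash) -> ['2000-20000'].
    Returns [] for non-numeric cells such as 'Your proxy ports', which are site-specific."""
    ports = []
    for part in cell.split(","):
        m = re.fullmatch(r"\s*(\d+)\s*(?:[-\u2013]\s*(\d+))?\s*", part)
        if not m:
            return []
        ports.append(m.group(1) if m.group(2) is None else f"{m.group(1)}-{m.group(2)}")
    return ports


def parse_rows(text):
    """Split each table row into the first six columns (Port .. Use); TCP/UDP becomes two protocols."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 6:
            continue
        port, direction, transport, app, dest, use = cells[:6]
        rows.append({"ports": parse_ports(port), "direction": direction,
                     "protos": [p.lower() for p in transport.split("/")],
                     "app": app, "dest": dest, "use": use})
    return rows


def nft_rules(rows, chain="output"):
    """One nftables rule per transport protocol for each outbound row with resolvable ports.
    Assumes a table 'inet swg' with a chain named `chain` already exists (assumption)."""
    rules = []
    for r in rows:
        if r["direction"] != "Outbound" or not r["ports"]:
            continue  # inbound/bidirectional rows and hand-configured ports are left to the admin
        portset = r["ports"][0] if len(r["ports"]) == 1 else "{ " + ", ".join(r["ports"]) + " }"
        for proto in r["protos"]:
            rules.append(f'add rule inet swg {chain} {proto} dport {portset} accept comment "{r["use"]}"')
    return rules


if __name__ == "__main__":
    print("\n".join(nft_rules(parse_rows(SAMPLE_ROWS))))
```

Rows whose destination is a specific host (for example the download servers listed earlier) should additionally be restricted by destination address or resolved host name; the generated rules only constrain protocol and port.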