You want to know the required ports, protocols, and services for the SSLv appliance.
Depending on your SSLv appliance configuration, you must open certain ports and protocols on your firewalls for the appliance to function as intended, to use enabled features, or to allow connectivity to various components and data centers. This document presents basic configurations and some commonly used options.
Required Ports, Protocols, and Services
SSL Visibility uses the following ports while operating. Ensure that you allow these ports when setting up SSL Visibility.
Inbound Connections to SSL Visibility
Table: Inbound Connections
Component | Port | Protocol | Configurable | Source | Description |
WebUI Admin GUI | 8082 | HTTPS TCP | No | User client | Management Interface WebUI service |
SSH Admin CLI | 22 | TCP | No | User client | SSH Admin CLI service |
Symantec/Blue Coat License | 443 | HTTPS | No | License server | Symantec/Blue Coat license service |
SNMP management | 161 | UDP | No | User client | SNMP agent for SNMP management access |
NTP | 123 | UDP | No | NTP server | NTP time synchronization service |
Remote Diagnostics Facility (RDF) | 2024 | TCP | No | RDF | Can be opened for support requests; normally closed |
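To check a firewall against the inbound table above, the following added example (not part of the original article or any Broadcom tooling) parses the table rows as written on this page and compares them with an allow-list. The rule export `SAMPLE_ALLOWED`, the function names, and the mapping of HTTPS to TCP transport are assumptions made for illustration.

```python
# Added example: audit an inbound allow-list against the page's
# "Inbound Connections" table. Rows are copied from the page.
INBOUND_TABLE = """\
WebUI Admin GUI | 8082 | HTTPS TCP | No | User client | Management Interface WebUI service |
SSH Admin CLI | 22 | TCP | No | User client | SSH Admin CLI service |
Symantec/Blue Coat License | 443 | HTTPS | No | License server | Symantec/Blue Coat license service |
SNMP management | 161 | UDP | No | User client | SNMP agent for SNMP management access |
NTP | 123 | UDP | No | NTP server | NTP time synchronization service |
Remote Diagnostics Facility (RDF) | 2024 | TCP | No | RDF | Can be opened for support requests; normally closed |
"""


def parse_table(text):
    """Return {(transport, port): (component, normally_closed)}."""
    required = {}
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().rstrip("|").split("|")]
        component, ports, protos, _cfg, _src, desc = cells
        # Assumption: HTTPS is carried over TCP; only "UDP" maps to udp.
        transports = {"udp" if p == "UDP" else "tcp" for p in protos.split()}
        for port in ports.split(","):
            for transport in transports:
                required[(transport, int(port))] = (component, "normally closed" in desc)
    return required


def audit(required, allowed):
    """Compare allowed (transport, port) pairs with the required set."""
    allowed = set(allowed)
    return {
        # Required for normal operation but not allowed by the firewall.
        "missing": sorted(k for k, v in required.items() if not v[1] and k not in allowed),
        # Listed as normally closed on the page but currently open.
        "review": sorted(k for k, v in required.items() if v[1] and k in allowed),
        # Allowed by the firewall but absent from the table.
        "unexpected": sorted(allowed - set(required)),
    }


# Constructed sample: pairs allowed toward the management interface.
SAMPLE_ALLOWED = [("tcp", 8082), ("tcp", 22), ("tcp", 443),
                  ("udp", 123), ("tcp", 2024), ("tcp", 23)]

if __name__ == "__main__":
    for finding, pairs in audit(parse_table(INBOUND_TABLE), SAMPLE_ALLOWED).items():
        print(finding, pairs)
```

The `review` list exists because the page describes the RDF port as normally closed, so an open 2024/TCP rule is worth confirming against an active support request.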
Outbound Connections from SSL Visibility
Table: Outbound Connections
Component | Port | Protocol | Configurable | Source | Description |
SMTP/Secure SMTP | 25, 465, 587, 525, 2526 * | TCP TLS | Yes | SMTP server | SMTP alerts |
Syslog | 514, 601 * 514 * | TCP TLS (3x) UDP TLS | Yes | Syslog server | Remote syslog server. Note: There are two syslog connections: one for the system log and one for the session log. |
DNS | 53 | TCP UDP | No | DNS server | Domain Name System service |
SNMP Trap | 162 | UDP | No | SNMP Trap receiver | SNMP traps |
Host Categorization (BCWF) | 443 | HTTPS | No | Symantec | Host categorization database |
TACACS+ | 49 | TCP | Yes | TACACS server | TACACS+ authentication |
NTP | 123 | UDP | No | NTP server list | Synchronization to customer-configured NTP server |
Diagnostics Upload | 443 | HTTPS | No | Symantec | Diagnostics upload service |
Required URLs
Ensure connectivity from SSL Visibility to the following URLs.
URL | Port | Protocol | Description |
abrca.bluecoat.com | 443 | HTTPS TCP | Symantec CA |
*.es.bluecoat.com | 443 | HTTPS TCP | License, validation, and subscription services |
appliance.bluecoat.com/sgos/trust_package.bctp | 80 | HTTP TCP | Trust package downloads |
upload.bluecoat.com, mft.symantec.com | 443 | HTTPS TCP | Upload diagnostic reports to Symantec support |
For an index of ports and protocols articles, refer to the following article: Required ports, protocols, and services for Broadcom appliances.
For details about earlier versions and legacy products, see the PDF document Required Ports, Protocols, and Services for Symantec Enterprise Security Products.