
Required ports, protocols, and services for the SSLv appliance


Article ID: 255161


Products

SSL Visibility Appliance Software

Issue/Introduction

You want to know the required ports, protocols, and services for the SSLv appliance.

Resolution

Depending on your SSLv appliance configuration, you must open certain ports and protocols on your firewalls for the appliance to function as intended, to use enabled features, or to allow connectivity to various components and data centers. This document presents basic configurations and some commonly used options. 

Required Ports, Protocols, and Services
SSL Visibility uses the following ports while operating. Ensure that you allow these ports when setting up SSL Visibility.

Inbound Connections to SSL Visibility
Table: Inbound Connections

| Component | Port | Protocol | Configurable | Source | Description |
|---|---|---|---|---|---|
| WebUI Admin GUI | 8082 | HTTPS TCP | No | User client | Management Interface WebUI service |
| SSH Admin CLI | 22 | TCP | No | User client | SSH Admin CLI service |
| Symantec/Blue Coat License | 443 | HTTPS | No | License server | Symantec/Blue Coat license service |
| SNMP management | 161 | UDP | No | User client | SNMP agent for SNMP management access |
| NTP | 123 | UDP | No | NTP server | NTP time synchronization service |
| Remote Diagnostics Facility (RDF) | 2024 | TCP | No | RDF | Can be opened for support requests; normally closed |


Outbound Connections to SSL Visibility
Table: Outbound Connections

| Component | Port | Protocol | Configurable | Source | Description |
|---|---|---|---|---|---|
| SMTP/Secure SMTP | 25, 465, 587, 525, 2526 * | TCP; TLS | Yes | SMTP server | SMTP alerts |
| Syslog | 514, 601 *; 514 * | TCP; TLS (3x); UDP; TLS | Yes | Syslog server | Remote syslog server. Note: There are two syslog connections: one for the system log and one for the session log. |
| DNS | 53 | TCP; UDP | No | DNS server | Domain Name System service |
| SNMP Trap | 162 | UDP | No | SNMP Trap receiver | SNMP traps |
| Host Categorization (BCWF) | 443 | HTTPS | No | Symantec | Host categorization database |
| TACACS+ | 49 | TCP | Yes | TACACS server | TACACS+ authentication |
| NTP | 123 | UDP | No | NTP server list | Synchronization to customer-configured NTP server |
| Diagnostics Upload | 443 | HTTPS | No | Symantec | Diagnostics upload service |


Required URLs
Ensure connectivity from SSL Visibility to the following URLs.

| URL | Port | Protocol | Description |
|---|---|---|---|
| abrca.bluecoat.com | 443 | HTTPS TCP | Symantec CA |
| *.es.bluecoat.com | 443 | HTTPS TCP | License, validation, and subscription services |
| appliance.bluecoat.com/sgos/trust_package.bctp | 80 | HTTP TCP | Trust package downloads |
| upload.bluecoat.com; mft.symantec.com | 443 | HTTPS TCP | Upload diagnostic reports to Symantec support |
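
The following is an added example, not part of the original article or of any Symantec tooling: it audits a firewall rule export against the non-configurable rows of the tables above and flags the RDF port if it has been left open. The rule tuple format, the first-match/default-deny evaluation, and the sample rules are assumptions made for illustration.

```python
# Added example: audit firewall rules against this article's port tables.
# Rule format (assumed): (direction, protocol, port_low, port_high, action).

# (direction, protocol, port) -> component, from the non-configurable rows above.
REQUIRED = {
    ("in", "tcp", 8082): "WebUI Admin GUI",
    ("in", "tcp", 22): "SSH Admin CLI",
    ("in", "udp", 161): "SNMP management",
    ("out", "tcp", 53): "DNS",
    ("out", "udp", 53): "DNS",
    ("out", "udp", 123): "NTP",
    ("out", "udp", 162): "SNMP Trap",
    ("out", "tcp", 443): "BCWF, diagnostics upload, required URLs",
    ("out", "tcp", 80): "Trust package downloads",
}
# The inbound table marks RDF as "normally closed": open only for a support request.
NORMALLY_CLOSED = {("in", "tcp", 2024): "Remote Diagnostics Facility (RDF)"}

def decide(rules, direction, proto, port):
    """First matching rule wins; no match means deny (assumed firewall policy)."""
    for r_dir, r_proto, low, high, action in rules:
        if r_dir == direction and r_proto in (proto, "any") and low <= port <= high:
            return action
    return "deny"

def audit(rules):
    """Return (required flows not allowed, normally-closed flows left open)."""
    missing = sorted(k for k in REQUIRED if decide(rules, *k) != "allow")
    exposed = sorted(k for k in NORMALLY_CLOSED if decide(rules, *k) == "allow")
    return missing, exposed

# Constructed sample rule set for the appliance's management interface.
SAMPLE_RULES = [
    ("in", "tcp", 8082, 8082, "allow"),
    ("in", "tcp", 22, 22, "allow"),
    ("in", "tcp", 1024, 65535, "allow"),  # overly broad: also opens RDF 2024
    ("out", "udp", 53, 53, "allow"),
    ("out", "udp", 123, 123, "allow"),
    ("out", "tcp", 443, 443, "allow"),
]

if __name__ == "__main__":
    missing, exposed = audit(SAMPLE_RULES)
    for key in missing:
        print("BLOCKED (required):", *key, "-", REQUIRED[key])
    for key in exposed:
        print("OPEN (normally closed):", *key, "-", NORMALLY_CLOSED[key])
```

Configurable services (SMTP, syslog, TACACS+) are left out because their ports depend on your own settings; add them to `REQUIRED` with the values configured on your appliance.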