App Control: What ports are required to be open?
search cancel

App Control: What ports are required to be open?

book

Article ID: 286607

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Which ports are required to be open on the firewall for the App Control ?

Environment

  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions

Resolution

For App Control Server and Agent communication:
  • 41002 - Communication port between Agent and Server and incremental CL Updates
  • 443 - Console access and file transfer between Agent and Server (Yara rules, Full CL updates, agent upgrades, agent logs,etc).
For App Control Server and CDC Connection:
  • 443 to services.bit9.com
For SQL Server in a Two-tier Environment (database on a different application server than Console):
  • 1433 - Configurable default port for SQL Server.

Additional Information

  • SSL Inspection is not supported for communication between the Agents and Server.
  • The resource download location can be changed:
    • https://community.carbonblack.com/t5/Knowledge-Base/App-Control-How-to-Update-Resource-Download-Location/ta-p/83105
  • 41002 is configurable during server install.
  • Further detail about the ports, and communication requirements can be found in the Operating Environment Requirements guide under Server Documentation.
  • The source port opened by the Agent will be determined by the OS ephemeral port configuration and is not determined by the App Control Agent.
  • If using a Proxy for Internet Access this information must be set at the OS Layer as well to ensure Certificate Revocation List Checks are able to be conducted.