What Ports Should Be Open For EDR to Inbound Communication?

Article ID: 383239


Products

Carbon Black EDR

Issue/Introduction

When setting non-EDR managed firewall rules, what ports are recommended for communication into the EDR server?

Environment

  • Carbon Black EDR: All Versions

Resolution

Standalone

  • The only port required for inbound communication is port 443. This port is used for WebUI and Sensor communication by default.
  • Port 443 should also be allowed outbound.

Cluster

  • Port 443 should be allowed inbound for WebUI, API and Sensor communication on all nodes.
  • These service ports should be allowed inbound between each Minion and the Primary node.
    • 8080
    • 25004 
    • 6500
    • 4369
    • 5701
  • These ports should be allowed inbound communication to the Minion from the Primary server only.
    • 6379
    • 9000
    • 443
  • These ports should be allowed inbound communication to the Primary from each Minion.
    • 5002
    • 5600

Additional Information

  • To see the recommended firewall rules, run this command:
    /usr/share/cb/cbcheck firewall -L
  • What Ports are used by EDR Server?
  • Exposing these ports to outside communication can cause vulnerability scanners to flag these services.
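
The cluster port list above, written as source-restricted rules so that only 443 is reachable from any address (an added example, not Carbon Black's own tooling and not the output of cbcheck). It assumes TCP, the iptables INPUT chain and constructed documentation-range IPs, and it reads "between each Minion and the Primary" as Minion-to-Primary traffic in both directions; compare the result with `/usr/share/cb/cbcheck firewall -L` on the node before applying anything.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it applies nothing.
# Assumptions: TCP, the iptables INPUT chain, constructed documentation IPs.

PEER_PORTS="8080 25004 6500 4369 5701"  # between each Minion and the Primary
MINION_ONLY="6379 9000"                 # into a Minion, from the Primary only
PRIMARY_ONLY="5002 5600"                # into the Primary, from each Minion

# emit SRC PORT... : one source-restricted ACCEPT rule per port
emit() {
    src=$1; shift
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport $port -j ACCEPT"
    done
}

# edr_rules ROLE [PRIMARY_IP [MINION_IP...]]   ROLE: standalone|primary|minion
edr_rules() {
    role=${1:-}; primary=${2:-}
    case $role in
        standalone|primary|minion) ;;
        *) echo "unknown role: $role" >&2; return 1 ;;
    esac
    if [ "$role" = minion ] && [ -z "$primary" ]; then
        echo "minion needs PRIMARY_IP" >&2; return 1
    fi
    shift; if [ $# -gt 0 ]; then shift; fi   # leave only the Minion IPs in "$@"
    # 443 (WebUI, API, Sensor) is the only port accepted from any source;
    # this rule also covers the Primary-to-Minion 443 entry in the list.
    echo "iptables -A INPUT -p tcp --dport 443 -j ACCEPT"
    if [ "$role" = primary ]; then
        for minion in "$@"; do emit "$minion" $PEER_PORTS $PRIMARY_ONLY; done
    elif [ "$role" = minion ]; then
        emit "$primary" $PEER_PORTS $MINION_ONLY
    fi
}

# open_to_any: read rules on stdin, list ports accepted with no -s restriction
open_to_any() {
    grep -v -- ' -s ' | sed -n 's/.*--dport \([0-9][0-9]*\).*/\1/p' | sort -u
}

# Constructed cluster: Primary 192.0.2.10, Minions 192.0.2.11 and 192.0.2.12
edr_rules primary 192.0.2.10 192.0.2.11 192.0.2.12
```

Piping a node's generated rules through `open_to_any` should list 443 and nothing else; any other port in that output is one a vulnerability scanner outside the cluster could reach.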