Communication & Port Requirements
search cancel

Communication & Port Requirements

book

Article ID: 286607

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

What ports and addresses are required for Agent and Server communication?

Environment

  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions

Resolution

Communication Between Server & Agent:

  • 41002 - Communication port between Agent and Server and incremental CL Updates.
    • This port is configurable during Server install.
  • 443 - Console access and file transfer between Agent and Server (Agent upgrades, Agent logs, Yara Rules, Full Configlist updates, etc).
  • The endpoints and application server must posses a matching Cipher Suite & Protocol.

Communication Between Server & Reputation Services:

  • 443 to services.bit9.com
    • Currently TLS 1.2 is required on the application server.

Two Tier Environment:

  • 1433 - Configurable default port to remote SQL Server.

Publisher Validation (CRL Checks):

  • The URL and Port combination for the Certificate Revocation List Distribution Point is determined by the issuing Certificate Authority.
  • The Agent will rely on the Operating System to validate these certificates via the CRL Distribution Point.
  • If using a Proxy for Internet Access this information must be set at the OS Layer to allow the Agent generated CRL Traffic to follow the Proxy settings.

Additional Information

  • SSL Inspection is not supported for communication between the Agents and Server.
  • The source port opened by the Agent will be determined by the OS ephemeral port configuration and is not determined by the App Control Agent.
  • Further detail about the ports, and communication requirements can be found in the Operating Environment Requirements guide under Server Documentation.