What ports and addresses are required for Agent and Server communication?

• App Control Server: All Supported Versions
• App Control Agent: All Supported Versions

Communication Between Server & Agent:

• 41002 - Communication port between Agent and Server and incremental CL Updates.
  • This port is configurable during Server install.
• 443 - Console access and file transfer between Agent and Server (Agent upgrades, Agent logs, Yara Rules, Full Configlist updates, etc).
  • If an alternate Resource Download Location is used, Port 443 to that address will be required.
• The endpoints and application server must posses a matching Cipher Suite & Protocol.

Communication Between Server & Reputation Services:

• 443 to services.bit9.com
  • Currently TLS 1.2 is required on the application server.

Two Tier Environment:

• 1433 - Configurable default port to remote SQL Server.

Publisher Validation (CRL Checks):

• The URL and Port combination for the Certificate Revocation List Distribution Point is determined by the issuing Certificate Authority.
• The Agent will rely on the Operating System to validate these certificates via the CRL Distribution Point.
• If using a Proxy for Internet Access this information must be set at the OS Layer to allow the Agent generated CRL Traffic to follow the Proxy settings.

• SSL Inspection is not supported for communication between the Agents and Server.
• HTTP Session Sharing (Ex: F5 OneConnect) is not supported.
• The source port opened by the Agent will be determined by the OS ephemeral port configuration and is not determined by the App Control Agent.
• Further detail about the ports, and communication requirements can be found in the Operating Environment Requirements guide under Server Documentation.