GravityZone (on-premises) communication ports
GravityZone is a distributed solution, meaning that its components communicate with each other through the use of the local network or the Internet. Each component uses a series of ports to communicate with the others.
Note
For the GravityZone (cloud) communication ports, refer to this section.
This section describes the communication ports used by the GravityZone components when the security solution is installed on the premises of your company.
You need to have these ports open and exclude all addresses mentioned in this table from any gateway security solution or network packet inspection so that GravityZone functions flawlessly.
Web Console
Inbound
Port | Source / Destination | Purpose |
80 (HTTP) | Any | Access to the Control Center web console, redirecting to 443 |
443 (HTTPS) | Any | Access to the Control Center web console |
Outbound
Port | Source / Destination | Purpose |
27017 | GravityZone database server | Access to the GravityZone database server |
123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
389 (LDAP) | Active Directory Domain Controller | The Active Directory integration |
636 (LDAPS) | ||
3268 | Domain Controller Global Catalog | |
3269 | ||
443 | NSX Manager | The VMware NSX Manager integration |
vCenter Server | Communication between GravityZone and the vCenter Server | |
lv2.bitdefender.com connect.nimbus.bitdefender.net | License validation | |
7074 | GravityZone Update Server | Downloading updates |
7075 | ||
443 | Sandbox Analyzer Portal: sandbox-portal.gravityzone.bitdefender.com sandbox-portal-us.gravityzone.bitdefender.com | Manual submission directly from the GravityZone console and securing connections through regular exchanges of authentication tokens |
Custom | Syslog | Communication with Syslog/SIEM servers over Syslog protocol. The usual Syslog communication destination ports are UDP 514 and TCP 1468. However, you should check the exact ports with your Syslog/SIEM vendor. GravityZone supports custom ports for Syslog on both UDP and TCP. |
Inbound and outbound
Port | Source / Destination | Purpose |
22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster |
4369, 5672, 6150 | GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster |
32002 | Web Console | Communication between Web Console instances when this role is distributed |
Endpoint Communication Server
Note
The Endpoint Events Processing Server role does not require any ports opened for communication.
Inbound
Port | Source / Destination | Purpose |
8443 | Any | Traffic management from/to Security Server, Security Agent, Mobile Client |
8080 | Windows XP / Windows Server 2003 | Communication with the GravityZone appliance for normal and silent deployment |
Outbound
Port | Source / Destination | Purpose |
123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
27017 | GravityZone Database Server | Access to the GravityZone Database |
5228, 5229, 5230 | Firebase Cloud Messaging | Pushing notifications to Android devices |
2195, 2196, 5223 | Apple Push Notification service | Pushing notifications to iOS devices. For more information, refer to this Apple KB article. |
7074 | GravityZone Update Server | Downloading updates from the local Update Server |
7075 |
Inbound and outbound
Port | Source / Destination | Purpose |
22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster |
4369, 5672, 6150 | GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster. |
Database Server
Inbound
Port | Source / Destination | Purpose |
27017 | GravityZone Database Server | Access to other GravityZone database instances and replica set members |
Outbound
Port | Source / Destination | Purpose |
7074 | Update Server | Downloading updates |
7075 | ||
123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Inbound and outbound
Port | Source / Destination | Purpose |
22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster |
Update Server
Outbound
Port | Source / Destination | Purpose |
443 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Publishing updates |
download.bitdefender.com | Downloading updates | |
*.nimbus.bitdefender.net Or you can exclude instead all the addresses below: nimbus.bitdefender.net mclb-gcp.nimbus.bitdefender.net eu.nimbus.bitdefender.net us.nimbus.bitdefender.net elb-fra-gcp.nimbus.bitdefender.net elb-ned-gcp.nimbus.bitdefender.net elb-nvi-gcp.nimbus.bitdefender.net elb-ore-gcp.nimbus.bitdefender.net elb-iow-gcp.nimbus.bitdefender.net elb-tky-gcp.nimbus.bitdefender.net | Antimalware, anti-phishing, and content control scanning with Bitdefender Cloud Servers |
Inbound and outbound
Port | Source / Destination | Purpose |
22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster |
7074 | GravityZone Update Server | Downloading updates |
7075 | Outside proxy servers (if configured): download.bitdefender.com upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net lv2.bitdefender.com | Handling communication between GravityZone services and the outside world Allowing communication between Control Center and Endpoint Communication Server |
7077 | Any | Staging Update Server communication |
Report Builder Database
Inbound
Port | Source / Destination | Purpose |
27017 | Report Builder Processors | Listening for requests |
Outbound
Port | Source / Destination | Purpose |
123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
7074 | GravityZone Update Server | Downloading updates |
7075 |
Inbound and outbound
Port | Source / Destination | Purpose |
22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster |
Report Builder Processors
Inbound
Port | Source / Destination | Purpose |
6379 | Endpoint Communication Server | Listening for requests |
Outbound
Port | Source / Destination | Purpose |
27017 | GravityZone Report Builder Database | Access to the Report Builder Database |
123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Inbound and outbound
Port | Source / Destination | Purpose |
80 | Web Console | Access to Web Console, redirecting HTTP request to port 443 Listening for requests |
443 | Web Console | Access to Web Console Listening for requests |
22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster. |
Incidents Server
Inbound
Port | Source / Destination | Purpose |
8444 | Security Agent | Traffic between the Security Agent and the Incidents server |
Relay Agent | Traffic between the Relay Agent and the Incidents server |
Outbound
Port | Source / Destination | Purpose |
27017 | GravityZone Database Server | Access to the GravityZone Database |
7074 | GravityZone Update Server | Downloading updates from the local Update Server |
7075 | ||
123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Inbound and outbound
Port | Source / Destination | Purpose |
4369, 5672, 6150 | GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster |
22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster |
Security Agent (BEST)
Inbound
Port | Source / Destination | Purpose |
135 (RPC) | Any | Deployment through Relay |
137, 138, 139 (NetBIOS) | Any | Deployment through Relay |
Outbound
Port | Source / Destination | Purpose |
80 | update-onprem.2d585.cdn.bitdefender.net upgrade.bitdefender.com *.cdn.bitdefender.net:80 | Downloading updates from the online Bitdefender Update Servers (the official repository) |
lv2.bitdefender.com | License validation | |
7074 | GravityZone Update Server | Downloading updates from GravityZone Update Server |
Relay (if available) | Downloading installation packages in the deployment phase from the Relay Communication messages received from endpoints linked to the Relay | |
7076 | Bitdefender Global Protective Network: *.nimbus.bitdefender.net Or you can exclude instead all the addresses below: nimbus.bitdefender.net mclb-gcp.nimbus.bitdefender.net eu.nimbus.bitdefender.net us.nimbus.bitdefender.net elb-fra-gcp.nimbus.bitdefender.net elb-ned-gcp.nimbus.bitdefender.net elb-nvi-gcp.nimbus.bitdefender.net elb-ore-gcp.nimbus.bitdefender.net elb-iow-gcp.nimbus.bitdefender.net elb-tky-gcp.nimbus.bitdefender.net | Encrypted communication messages (when the Relay is used as a proxy) |
8080, 8443 | Endpoint Communication Server | Link between the Security Agent and Endpoint Communication Server Downloading installation packages during deployment (Setup Downloader) |
8444 | Incidents Server | EDR traffic sent by Security Agent |
443 | Web Server | Downloading installation packages during deployment (Setup Downloader) |
Sandbox Analyzer Portal: sandbox-portal.gravityzone.bitdefender.com sandbox-portal-us.gravityzone.bitdefender.com | Communication between the feeding sensor and the virtual machines from the Sandbox Analyzer Cluster on which the sample is detonated | |
*.nimbus.bitdefender.net Or you can exclude instead all the addresses below: nimbus.bitdefender.net mclb-gcp.nimbus.bitdefender.net eu.nimbus.bitdefender.net us.nimbus.bitdefender.net elb-fra-gcp.nimbus.bitdefender.net elb-ned-gcp.nimbus.bitdefender.net elb-nvi-gcp.nimbus.bitdefender.net elb-ore-gcp.nimbus.bitdefender.net elb-iow-gcp.nimbus.bitdefender.net elb-tky-gcp.nimbus.bitdefender.net | Antimalware, anti-phishing, and content control scanning with Bitdefender Global Protective Network | |
update-onprem.2d585.cdn.bitdefender.net | Downloading signature and product updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel. | |
download.bitdefender.com (Linux only) | Downloading product updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel. | |
7081 | Security Server | Antimalware scanning with Security Server |
7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption |
22, 445 (SSH & SMB) | Any | Detecting computers in the local network |
53 (DNS) | DNS Server | Internal use for DNS queries |
88 (Kerberos) | Active Directory Domain Controller | Active Directory integration for Linux endpoints |
389, 636 (LDAP & LDAPS) | Active Directory Domain Controller | Active Directory integration |
Relay agent
Inbound
Port | Source / Destination | Purpose |
7074 | Security Agent | Communication messages (such as settings and events) received from endpoints linked to the Relay. Used for product and security content updates. |
7076 | Security Agent | Encrypted communication messages proxied from connected endpoints to Bitdefender Global Protective Network: nimbus.bitdefender.net |
Outbound
Port | Source / Destination | Purpose |
80 | upgrade.bitdefender.com *.cdn.bitdefender.net:80 | Downloading updates from the online Bitdefender Update Servers (the official repository) |
lv2.bitdefender.com | License validation | |
7074 | Update Server | Downloading updates from the GravityZone Update Server |
Relay* (if available) | Downloading installation packages in the deployment phase from another Relay Communication messages received from endpoints linked to the Relay | |
7076 | Bitdefender Global Protective Network: *.nimbus.bitdefender.net Or you can exclude instead all the addresses below: nimbus.bitdefender.net mclb-gcp.nimbus.bitdefender.net eu.nimbus.bitdefender.net us.nimbus.bitdefender.net elb-fra-gcp.nimbus.bitdefender.net elb-ned-gcp.nimbus.bitdefender.net elb-nvi-gcp.nimbus.bitdefender.net elb-ore-gcp.nimbus.bitdefender.net elb-iow-gcp.nimbus.bitdefender.net elb-tky-gcp.nimbus.bitdefender.net | Encrypted communication messages received from endpoints linked to the Relay Agent |
7081 | Security Server | Antimalware scanning with Security Server |
7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption |
8080, 8443 | Endpoint Communication Server | Link between the Relay Agent and Endpoint Communication Server Downloading installation packages during deployment (Setup Downloader) |
443 | Web Server | Downloading installation packages during deployment (Setup Downloader) |
*.nimbus.bitdefender.net Or you can exclude instead all the addresses below: nimbus.bitdefender.net mclb-gcp.nimbus.bitdefender.net eu.nimbus.bitdefender.net us.nimbus.bitdefender.net elb-fra-gcp.nimbus.bitdefender.net elb-ned-gcp.nimbus.bitdefender.net elb-nvi-gcp.nimbus.bitdefender.net elb-ore-gcp.nimbus.bitdefender.net elb-iow-gcp.nimbus.bitdefender.net elb-tky-gcp.nimbus.bitdefender.net | Antimalware, anti-phishing, and content control scanning with Bitdefender Global Protective Network |
Security Server (VMware NSX)
Inbound
Port | Source / Destination | Purpose |
48652 | Guest Introspection driver | Communication between the hypervisor and Security Server |
6379 | Security Server | Allowing traffic between Security Servers |
22 | SSH Server | Allowing remote SSH connections and file downloading from the Security Server quarantine |
Outbound
Port | Source / Destination | Purpose |
7074 | Update Server | Downloading updates from the Update Server |
80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Fallback for downloading updates from the Bitdefender Update Servers (the official Bitdefender repository) |
8443 | Endpoint Communication Server | Link between Security Server and Endpoint Communication Server |
6379 | Security Server | Allowing traffic between Security Servers |
Security Server (Multi-Platform)
Inbound
Port | Source / Destination | Purpose |
1344 | Any | Communication between NAS devices compliant with ICAP and Security Server |
7081 | Any | Antimalware traffic scanning sent by Security Agent |
7083 | Any | Antimalware traffic scanning sent by Security Agent over SSL |
6379 | Security Server | Allowing traffic between Security Servers |
Outbound
Port | Source / Destination | Purpose |
443 | *.nimbus.bitdefender.net Or you can exclude instead all the addresses below: nimbus.bitdefender.net mclb-gcp.nimbus.bitdefender.net eu.nimbus.bitdefender.net us.nimbus.bitdefender.net elb-fra-gcp.nimbus.bitdefender.net elb-ned-gcp.nimbus.bitdefender.net elb-nvi-gcp.nimbus.bitdefender.net elb-ore-gcp.nimbus.bitdefender.net elb-iow-gcp.nimbus.bitdefender.net elb-tky-gcp.nimbus.bitdefender.net | Periodical verification of antimalware detections with Bitdefender Global Protective Network |
7074 | Update Server | Downloading updates from GravityZone Update Server |
8443 | Endpoint Communication Server | Link between the Security Server and Endpoint Communication Server |
80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net | Fallback for downloading updates from the Bitdefender Update Servers (the official Bitdefender repository) |
GravityZone Mobile Client
Outbound
Port | Source / Destination | Purpose |
8443 | Endpoint Communication Server | Mobile Client management |
443 | *.nimbus.bitdefender.net Or you can exclude instead all the addresses below: nimbus.bitdefender.net mclb-gcp.nimbus.bitdefender.net eu.nimbus.bitdefender.net us.nimbus.bitdefender.net elb-fra-gcp.nimbus.bitdefender.net elb-ned-gcp.nimbus.bitdefender.net elb-nvi-gcp.nimbus.bitdefender.net elb-ore-gcp.nimbus.bitdefender.net elb-iow-gcp.nimbus.bitdefender.net elb-tky-gcp.nimbus.bitdefender.net | Antimalware and web security scanning with Bitdefender Global Protective Network (Android devices only) |
Network Attack Defense
Inbound and outbound
Port | Source / Destination | Purpose |
8887 TCP | Any | Opened with BEST for Linux to enable Network Attack Defense If port 8887 is used by another application or blocked by a firewall, Network Attack Defense will not receive traffic. |
*Since the relay is an update server that needs to listen all the time on a port, Bitdefender provides a mechanism able to automatically open a random port on localhost (127.0.0.1) so that the update server can receive proper configuration details. The update server tries to open the 7075 port to listen on localhost. If 7075 port is unavailable, the update server will search for another port that is free (in the range of 1025 to 65535) and successfully bind to listen on localhost.
Port 7074 must be open for deployment through Bitdefender Endpoint Security Tools Relay to work.
If you are using role balancers in your environment, make sure to allow all traffic between endpoints and role balancer and between role balancer and other roles on ports 80, 443, 8080, 8443, 27017, and 8444.