000015676 - What Ports are used by enVision

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000015676
Applies ToRSA enVision
port
4.0.0, 3.7.0, 3.5.0
 
IssueWhat Ports are used by enVision
Resolution

To find what ports are used by enVision use the online help:


Click on the Question mark within enVision near the top of the window. It will be inside a white circle.


Click Search in the lower left hand corner of the panel that now appears and type in "Ports used by enVision" next to the search button at the top of the same panel.


Click the Search button and it will be the first result that comes back.


Below is the list of ports are used:


 


Ports Used by enVision   
    
The Item column describes the communication that uses TCP or UDP ports. The description may include the 
protocol, the hosts or processes with which enVision appliances communicate, and the applicable enVision 
configurations, features, or versions   
The Port column specifies one or more TCP or UDP ports, and the Direction column specifies whether the 
usage is Inbound to and/or Outbound from the enVision appliance. For each Item, all of the specified ports 
are used in all of the specified directions.    
For an enVision deployment with multiple appliances, the Appliance Type column identifies the node types 
that pertain to each Item. For a deployment with a single appliance, every Item is applicable unless otherwise
 noted   
    
Ports Used by enVision for User Interfaces   
ItemPortDirectionAppliance Type
JNDI, RMI, and EJB client proxy connections from the NIC Web Server service to the NIC App Server service for VAM browsing in the enVision web UI TCP 1098 TCP 1099 TCP 3873 TCP 4444Outbound from any A-SRV                        Inbound to the A-SRV that runs the NIC App Server serviceA-SRV 
Connection from Event Explorer to the NIC App Server service for Task Triage and VAM browsing TCP 1098 TCP 1099 TCP 3873 TCP 4444Inbound to the A-SRV that runs the NIC App Server service A-SRV 
Connection from the Event Viewer in the enVision Web UI to the NIC Server service TCP 2010 InboundD-SRV 
Connection from Event Explorer to the NIC Server service TCP 2010 Inbound D-SRV 
HTTP Connection from the enVision Web UI to NIC Web Server service TCP 8080 Inbound A-SRV 
HTTP Connection from Event Explorer to the NIC Web Server service TCP 8080 Inbound A-SRV 
HTTPS Connection from the enVision Web UI to the NIC Web Server service TCP 8443 Inbound A-SRV 
HTTPS Connection from Event Explorer to the NIC Web Server service TCP 8443 Inbound A-SRV 
    
Ports Used for Remote Appliance Management    
ItemPortDirectionAppliance Type
Connection to Internet Information services (part of the appliance OS) to download the Terminal Server ActiveX web clientTCP 80InboundAll
HTTP Connection to Terminal Server (part of the appliance OS) from the DRAC Management ConsoleTCP 80*InboundFor 60 Series Only, All
HTTPS Connection to Terminal Server (part of the appliance OS) from the DRAC Management ConsoleTCP 443*Inbound 
Connection to Terminal Server (part of the appliance OS) from the ActiveX web client or the full Remote Desktop Connection Client TCP 3389 InboundAll
DRAC Desktop Console Redirection from the Dell Remote Access Card for OOB Management (remote desktop capability) TCP 5900*  TCP 5901*Inbound and OutboundFor 60 Series Only, All
* Configurable port. See Support.Dell.com for Dell Remote Access User Guide on how to change ports and
information on other features of the Dell Remote Access Console.
    
Ports Used by enVision for Communications Between Services 
ItemPortDirectionAppliance Type
FTP File transfer connection from the NIC Forwarder service to forward collected data from the RC to the D-SRV (applies only to deployments with an RC at version lower than 3.5.0 forwarding to a D-SRV at version 3.5.0 or higher)TCP 20   TCP 21Outbound from the RC     Inbound to the D-SRVRC, D-SRV
SFTP File transfer connection from the NIC WinSSHD service to forward collected data from the RC to the D-SRV (applies only to deployments with an RC at version 3.5.0 or higher)TCP 22Outbound from the RC  Inbound to the D-SRVRC, D-SRV 
Connection from the NIC Logger service for collection of internal events from NIC services and from the NIC SFTP agent for Windows (in deployments with multiple appliances, communications from NIC services are to the D-SRV from all appliances within the site; in deployments with an RC, communications from NIC services on the RC are local; NIC SFTP agents communicate to their associated D-SRV or RC)UDP 600Outbound from any appliance and from all services and devices with SFTP agents Inbound to D-SRV or RCAll, D-SRV, RC
Connection to the NIC Server service for IPDB (connections across sites are between any two D-SRVs or between any D-SRV and any RC)TCP 2010Inbound and OutboundD-SRV, RC 
Connections from the NIC Server service to the NIC Packager service(deployments with multiple appliances only; connections are from the D-SRV to any LC within the site)TCP 2015Inbound to the LC   Outbound from the D-SRVLC, D-SRV 
Connection from the NIC DB Replication Client service to the NIC DB Replication Server service (deployments with multiple appliances only; within a site, connections are to the D-SRV from any other appliance; in a deployment of multiple sites, connections between sites are from a D-SRV to its master D-SRV)TCP 2439 Inbound to the D-SRV    Outbound from any appliance D-SRV 
Connection to the NIC DB Server service for the configuration database    (For enVision versions: 3.5.0 and higher, connections are local only.) (Lower than 3.5.0, communications include local connections on any appliance, connections within a site to the D-SRV from any other appliance, and connections across sites to a master D-SRV from its slave D-SRV or RC.) TCP 26383.5.0 and higher: Inbound to any applianceAll 
Connection to the NIC DB Report Server service for the report database (communication is local only) TCP 3989 InboundA-SRV 
    
Ports Used by enVision Services for Communication with Other Network Services and Applications
ItemPortDirectionAppliance Type
Connection from the NIC Alerter service for SMTP email sent by enVision to an SMTP serverTCP 25 OutboundA-SRV 
Connection from the NIC Server service for DNS resolution (local requests use UDP port 53 on the appliance; remote requests use UDP port 53 on the remote DNS server)UDP 53Outbound and InboundD-SRV, RC 
Connection from the NIC Alerter service for SNMP traps sent by enVision to a trap receiverUDP 162 OutboundA-SRV 
Connection from enVision for integration with LDAP serversTCP 389 TCP 636OutboundA-SRV 
Connection from the NIC Alerter service for SNPP alerts sent by enVision to a paging serverTCP 444OutboundA-SRV 
Connection from the NIC Alerter service for Syslog messages sent by enVision to a remote syslog serverUDP 514 (this is the default; you can use output action configuration to change this port )OutboundA-SRV 
Connection from the NIC Alerter service for AIM alerts sent by enVision (authentication uses TCP port 29999 at login.oscar.aol.com; messaging uses TCP port 5190 at toc.oscar.aol.com)TCP 5190 TCP 29999OutboundA-SRV 
HTTPS connection from external application such as external ticketing system to NIC AppServer to update tasks.TCP 8086Outbound from external application            Inbound to the A-SRV where the NIC App Server service runsA-SRV
    
Ports Used for Event Collection   
ItemPortDirectionAppliance Type
Connection to NIC File Reader service for FTP sent to enVision (for example, from devices with a UNIX FTP client script)TCP 20   TCP 21InboundLC, RC
Connection to NIC WinSSHD service for Secure FTP sent to enVision (for example, from devices with the Windows SFTP client or a UNIX SFTP client script)TCP 22InboundLC, RC
Connection to NIC Trapd service for SNMP traps sent to enVisionUDP 162 InboundLC, RC
Connection to NIC Collector service for Syslog sent to enVisionUDP 514InboundLC, RC
Connection to NIC ODBC service for ODBC event collection (the ports listed are the defaults; ports may be customized on your devices)TCP 1109 (ActivIdentity)        TCP 1433 (ISS SiteProtector, McAfee ePolicy Orchestrator, Microsoft SQL Server) TCP 1521 (Oracle Database)OutboundLC, RC
    
Ports Used for Event Collection, Using Device-Specific Services 
ItemPortDirectionAppliance Type
Connection from NIC Windows service for Windows data collectionTCP 135 TCP 139 TCP 445 dynamic RPC portsOutboundLC,RC
Connection from NIC SDEE Collection service for Cisco Secure IDS data collectionTCP 443 OutboundLC,RC
Connection from NIC FW-1 LEA Client service for Check Point FireWall-1, VPN-l, Provider-1, and SmartDefense data collectionTCP 18184 OutboundLC,RC
Connection from NIC FW-1 LEA Client service for Check Point FireWall-1, VPN-l, Provider-1, and SmartDefense used to exchange certificates when using authentication type requiring a pull, such as sslcaTCP 18210 TCP 18211OutboundLC,RC
    
Ports Used for Asset Data Collection by NIC Vulnerability Service (Deprecated) 
ItemPortDirectionAppliance Type
Connection to the NIC Vulnerability service for nCircle IP360 data collection                                           This vulnerability service is deprecated. Please use the Asset Collector Service.TCP 22 InboundD-SRV 
Connection to the NIC Vulnerability service for QualysGuard data collection.                                This vulnerability service is deprecated. Please use the Asset Collector Service.TCP 443 OutboundD-SRV 
    
Ports Used for Asset Data Collection by VAM (Vulnerability and Asset Management) Services 
ItemPortDirectionAppliance Type
Connection to the Asset Collector service for Nessus and/or nCircle IP360 data collectionTCP 22 InboundLC
Connection to the Asset Collector service for QualysGuard data collectionTCP 443InboundLC
Connection from the Asset Collector service for McAfee Foundscan and/or ISS Site Protector data collectionTCP 1433 OutboundLC
    
Ports Used by Windows Services Required by enVision  
ItemPortDirectionAppliance Type
Connection to the Local Security Authentication ServerTCP 88 InboundAll
Connection to the Local Security Authentication ServerDynamic RPC portsInboundAll
Connection to NT File Replication servicesDynamic RPC portsInboundAll


 
Legacy Article IDa47550

Attachments

    Outcomes