GravityZone (on-premises) communication ports
GravityZone is a distributed solution: its components communicate with each other over the local network or the Internet. Each component uses a set of ports to communicate with the others.
Note
For the GravityZone (cloud) communication ports, refer to this section.
This section describes the communication ports used by the GravityZone components when the security solution is installed on the premises of your company.
You need to have these ports open and exclude all addresses mentioned in this table from any gateway security solution or network packet inspection so that GravityZone functions flawlessly.
Component | Direction | Port | Source / Destination | Description |
Web Console (Control Center) | Inbound | 80 (HTTP) | Any | Access to the Control Center web console, redirect to 443 |
Web Console (Control Center) | Inbound | 443 (HTTPS) | Any | Access to the Control Center web console |
Web Console (Control Center) | Outbound | 27017 | GravityZone Database Server | Access to the GravityZone Database |
Web Console (Control Center) | Outbound | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Web Console (Control Center) | Outbound | 389 (LDAP) | Active Directory Domain Controller | Active Directory integration |
Web Console (Control Center) | Outbound | 636 (LDAPS) | Active Directory Domain Controller | Active Directory integration |
Web Console (Control Center) | Outbound | 3268 | Domain Controller Global Catalog | Active Directory integration |
Web Console (Control Center) | Outbound | 3269 | Domain Controller Global Catalog | Active Directory integration |
Web Console (Control Center) | Outbound | 443 | NSX Manager | VMware NSX Manager integration |
Web Console (Control Center) | Outbound | 443 | vCenter Server | Communication between GravityZone and vCenter Server |
Web Console (Control Center) | Outbound | 443 | lv2.bitdefender.com, connect.nimbus.bitdefender.net | License validation |
Web Console (Control Center) | Outbound | 7074 | GravityZone Update Server | Downloading updates |
Web Console (Control Center) | Outbound | 7075 | GravityZone Update Server | Downloading updates |
Web Console (Control Center) | Outbound | 9440 | Nutanix Prism Element | Nutanix Prism Element integration |
Web Console (Control Center) | Outbound | 27017 | GravityZone Database Server | Access to the GravityZone database |
Web Console (Control Center) | Outbound | 443 | Sandbox Analyzer Portal: | These addresses are used for Manual submission directly from the GravityZone console and to secure connections through regular exchanges of authentication tokens. |
Web Console (Control Center) | Outbound | Custom | Syslog | Communication with Syslog/SIEM servers over syslog protocol. The usual Syslog communication destination ports are UDP 514 and TCP 1468. However, you should check the exact ports with your Syslog/SIEM vendor. GravityZone supports custom ports for Syslog on both UDP and TCP. |
Web Console (Control Center) | Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster |
Web Console (Control Center) | Both | 4369, 5672, 6150 | GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster |
Web Console (Control Center) | Both | 32002 | Web Console | Communication between Web Console instances when this role is distributed |
Communication Server | Inbound | 8443 | Any | Traffic management from/to Security Server, Security Agent, Mobile Client |
Communication Server | Inbound | 8080 | Windows XP / Windows Server 2003 | Communication with the GravityZone appliance for normal and silent deployment |
Communication Server | Outbound | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Communication Server | Outbound | 27017 | GravityZone Database Server | Access to the GravityZone Database |
Communication Server | Outbound | 5228, 5229, 5230 | Firebase Cloud Messaging | Push notifications to Android devices |
Communication Server | Outbound | 2195, 2196, 5223 | Apple Push Notification service | Push notifications to iOS devices. For more information, refer to this Apple KB article. |
Communication Server | Outbound | 7074 | GravityZone Update Server | Downloading updates from the local Update Server |
Communication Server | Outbound | 7075 | GravityZone Update Server | Downloading updates from the local Update Server |
Communication Server | Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster |
Communication Server | Both | 4369, 5672, 6150 | GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster |
Database Server | Inbound | 27017 | GravityZone Database Server | Access to other GravityZone database instances and replica set members. |
Database Server | Outbound | 7074 | Update Server | Downloading updates |
Database Server | Outbound | 7075 | Update Server | Downloading updates |
Database Server | Outbound | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Database Server | Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster |
Update Server | Outbound | 80 | upgrade.bitdefender.com, update-onprem.2d585.cdn.bitdefender.net | Downloading updates from the online Bitdefender Update Servers (the official repository) |
Update Server | Outbound | 80 | download.bitdefender.com | Downloading installation kits |
Update Server | Outbound | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Update Server | Outbound | 443 | upgrade.bitdefender.com, update-onprem.2d585.cdn.bitdefender.net | Publishing updates |
Update Server | Outbound | 443 | download.bitdefender.com | Downloading updates |
Update Server | Outbound | 443 | *.nimbus.bitdefender.net (or you can exclude instead all of the following addresses: nimbus.bitdefender.net, elb-fra-gcp.nimbus.bitdefender.net, elb-lon-gcp.nimbus.bitdefender.net, elb-nvi-gcp.nimbus.bitdefender.net, elb-ore-gcp.nimbus.bitdefender.net, elb-iow-gcp.nimbus.bitdefender.net, elb-tky-gcp.nimbus.bitdefender.net) | Antimalware, antiphishing and content control scanning with Bitdefender Cloud Servers |
Update Server | Outbound | 443 | kdn.bitdefender.net | Submitting crash reports and suspicious files for analysis. |
Update Server | Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster |
Update Server | Both | 7074 | GravityZone Update Server | Downloading updates |
Update Server | Both | 7075 | Outside proxy servers (if configured), download.bitdefender.com, upgrade.bitdefender.com, update-onprem.2d585.cdn.bitdefender.net, lv2.bitdefender.com | Handles communication between GravityZone services and the outside world / Ports used to allow communication between Control Center and Communication Server. |
Update Server | Both | 7077 | Any | Staging Update Server communication. |
Report Builder Database | Inbound | 27017 | Report Builder Processors | Listening for requests |
Report Builder Database | Outbound | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Report Builder Database | Outbound | 7074 | GravityZone Update Server | Downloading updates |
Report Builder Database | Outbound | 7075 | GravityZone Update Server | Downloading updates |
Report Builder Database | Both | 22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster |
Report Builder Processors | Inbound | 6379 | Communication Server | Listening for requests |
Report Builder Processors | Outbound | 27017 | GravityZone Report Builder Database | Access to the Report Builder Database |
Report Builder Processors | Outbound | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Report Builder Processors | Both | 80 | Web Console | Access to Web Console, redirect HTTP request to port 443; Listening for requests |
Report Builder Processors | Both | 443 | Web Console | Access to Web Console; Listening for requests |
Report Builder Processors | Both | 22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster |
Incidents Server | Inbound | 8444 | Security Agent | Traffic between the Security agent and the Incidents server. |
Incidents Server | Inbound | 8444 | Relay Agent | Traffic between the Relay agent and the Incidents server. |
Incidents Server | Outbound | 27017 | GravityZone Database Server | Access to the GravityZone Database |
Incidents Server | Outbound | 7074 | GravityZone Update Server | Downloading updates from the local Update Server |
Incidents Server | Outbound | 7075 | GravityZone Update Server | Downloading updates from the local Update Server |
Incidents Server | Outbound | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Incidents Server | Both | 4369, 5672, 6150 | GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster. |
Incidents Server | Both | 22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster. |
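Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 80 | upgrade.bitdefender.com, *.cdn.bitdefender.net:80 | Downloading updates from the online Bitdefender Update Servers (the official repository) |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 80 | lv2.bitdefender.com | License validation |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 7074 | GravityZone Update Server | Downloading updates from GravityZone Update Server |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 7074 | Relay (if available) | Downloading installation packages in the deployment phase from the Relay; Communication messages received from endpoints linked to the Relay |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 7076 | Bitdefender Global Protective Network: *.nimbus.bitdefender.net (or you can exclude instead all of the following addresses: nimbus.bitdefender.net, elb-fra-gcp.nimbus.bitdefender.net, elb-lon-gcp.nimbus.bitdefender.net, elb-nvi-gcp.nimbus.bitdefender.net, elb-ore-gcp.nimbus.bitdefender.net, elb-iow-gcp.nimbus.bitdefender.net, elb-tky-gcp.nimbus.bitdefender.net) | Encrypted communication messages (when the Relay is used as a proxy) |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 8080, 8443 | Communication Server | Link between the Security Agent and Communication Server; Downloading installation packages during deployment (Setup Downloader) |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 8444 | Incidents Server | EDR traffic sent by Security Agent |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 443 | Web Server | Downloading installation packages during deployment (Setup Downloader) |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 443 | Sandbox Analyzer Portal: sandbox-portal.gravityzone.bitdefender.com, sandbox-portal-us.gravityzone.bitdefender.com | Communication between the feeding sensor and the virtual machines from Sandbox Analyzer Cluster on which the sample is detonated. |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 443 | *.nimbus.bitdefender.net (or you can exclude instead all of the following addresses: nimbus.bitdefender.net, elb-fra-gcp.nimbus.bitdefender.net, elb-lon-gcp.nimbus.bitdefender.net, elb-nvi-gcp.nimbus.bitdefender.net, elb-ore-gcp.nimbus.bitdefender.net, elb-iow-gcp.nimbus.bitdefender.net, elb-tky-gcp.nimbus.bitdefender.net) | Antimalware, antiphishing and content control scanning with Bitdefender Global Protective Network |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 443 | kdn.bitdefender.net | Submitting crash reports and suspicious files for analysis. |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 7081 | Security Server | Antimalware scanning with Security Server |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 22, 445 (SSH & SMB) | Any | Detects computers in the local network |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 53 (DNS) | DNS Server | Internal use for DNS queries |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 88 (Kerberos) | Active Directory Domain Controller | Active Directory integration for Linux computers |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Outbound | 389, 636 (LDAP & LDAPS) | Active Directory Domain Controller | Active Directory integration |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Inbound | 135 (RPC) | Any | Deployment through Relay |
Security Agent (BEST, BEST Legacy, Endpoint Security, Bitdefender Endpoint Security Tools) | Inbound | 137, 138, 139 (NetBIOS) | Any | Deployment through Relay |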
Relay Agent | Inbound | 7074 | Security Agent | Communication messages (such as settings and events) received from endpoints linked to the Relay |
Relay Agent | Inbound | 7076 | Security Agent | Encrypted communication messages proxied from connected endpoints to Bitdefender Global Protective Network: nimbus.bitdefender.net |
Relay Agent | Outbound | 80 | upgrade.bitdefender.com, *.cdn.bitdefender.net:80 | Downloading updates from the online Bitdefender Update Servers (the official repository) |
Relay Agent | Outbound | 80 | lv2.bitdefender.com | License validation |
Relay Agent | Outbound | 7074 | Update Server | Downloading updates from GravityZone Update Server |
Relay Agent | Outbound | 7074 | Relay* (if available) | Downloading installation packages in the deployment phase from another Relay; Communication messages received from endpoints linked to the Relay |
Relay Agent | Outbound | 7076 | Bitdefender Global Protective Network: *.nimbus.bitdefender.net (or you can exclude instead all of the following addresses: nimbus.bitdefender.net, elb-fra-gcp.nimbus.bitdefender.net, elb-lon-gcp.nimbus.bitdefender.net, elb-nvi-gcp.nimbus.bitdefender.net, elb-ore-gcp.nimbus.bitdefender.net, elb-iow-gcp.nimbus.bitdefender.net, elb-tky-gcp.nimbus.bitdefender.net) | Encrypted communication messages received from endpoints linked to the Relay Agent |
Relay Agent | Outbound | 7081 | Security Server | Antimalware scanning with Security Server |
Relay Agent | Outbound | 7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption |
Relay Agent | Outbound | 8080, 8443 | Communication Server | Link between the Relay Agent and Communication Server; Downloading installation packages during deployment (Setup Downloader) |
Relay Agent | Outbound | 443 | Web Server | Downloading installation packages during deployment (Setup Downloader) |
Relay Agent | Outbound | 443 | nimbus.bitdefender.net/elam/blob | Early Launch Anti-Malware (ELAM) cloud server |
Relay Agent | Outbound | 443 | *.nimbus.bitdefender.net (or you can exclude instead all of the following addresses: nimbus.bitdefender.net, elb-fra-gcp.nimbus.bitdefender.net, elb-lon-gcp.nimbus.bitdefender.net, elb-nvi-gcp.nimbus.bitdefender.net, elb-ore-gcp.nimbus.bitdefender.net, elb-iow-gcp.nimbus.bitdefender.net, elb-tky-gcp.nimbus.bitdefender.net) | Antimalware, antiphishing and content control scanning with Bitdefender Global Protective Network |
Relay Agent | Outbound | 443 | kdn.bitdefender.net | Submitting crash reports and suspicious files for analysis. |
Security Server (VMware NSX-T / NSX-V) | Inbound | 48652 | Guest Introspection driver | Communication between the hypervisor and Security Server |
Security Server (VMware NSX-T / NSX-V) | Inbound | 6379 | Security Server | Allows traffic between Security Servers. |
Security Server (VMware NSX-T / NSX-V) | Inbound | 22 | SSH Server | Allows remote SSH connections and file downloading from the Security Server quarantine. |
Security Server (VMware NSX-T / NSX-V) | Outbound | 7074 | Update Server | Downloading updates from Update Server |
Security Server (VMware NSX-T / NSX-V) | Outbound | 80 | upgrade.bitdefender.com, update-onprem.2d585.cdn.bitdefender.net | Fallback for downloading updates from the Bitdefender Update Servers (the official Bitdefender repository) |
Security Server (VMware NSX-T / NSX-V) | Outbound | 8443 | Communication Server | Link between Security Server and Communication Server |
Security Server (VMware NSX-T / NSX-V) | Outbound | 6379 | Security Server | Allows traffic between Security Servers. |
Bitdefender Tools (Multi-Platform) | Outbound | 7081 | Security Server | Antimalware scanning with Security Server |
Bitdefender Tools (Multi-Platform) | Outbound | 7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption |
Bitdefender Tools (Multi-Platform) | Outbound | 8443 | Communication Server | Communication between Bitdefender Tools and Communication Server; Downloading installation packages during deployment |
Bitdefender Tools (Multi-Platform) | Outbound | 7074 | Update Server | Downloading updates |
Bitdefender Tools (Multi-Platform) | Outbound | 443 | Web Server | Downloading installation packages during deployment (Setup Downloader) |
Bitdefender Tools (Multi-Platform) | Outbound | 80 | *.nimbus.bitdefender.net (or you can exclude instead all of the following addresses: nimbus.bitdefender.net, elb-fra-gcp.nimbus.bitdefender.net, elb-lon-gcp.nimbus.bitdefender.net, elb-nvi-gcp.nimbus.bitdefender.net, elb-ore-gcp.nimbus.bitdefender.net, elb-iow-gcp.nimbus.bitdefender.net, elb-tky-gcp.nimbus.bitdefender.net) | Antimalware scanning with Bitdefender Global Protective Network |
Security Server (Multi-Platform) | Inbound | 1344 | Any | Communication between NAS devices compliant with ICAP and Security Server |
Security Server (Multi-Platform) | Inbound | 7081 | Any | Antimalware traffic scanning sent by Security Agent |
Security Server (Multi-Platform) | Inbound | 7083 | Any | Antimalware traffic scanning sent by Security Agent over SSL |
Security Server (Multi-Platform) | Inbound | 6379 | Security Server | Allows traffic between Security Servers. |
Security Server (Multi-Platform) | Outbound | 443 | *.nimbus.bitdefender.net (or you can exclude instead all of the following addresses: nimbus.bitdefender.net, elb-fra-gcp.nimbus.bitdefender.net, elb-lon-gcp.nimbus.bitdefender.net, elb-nvi-gcp.nimbus.bitdefender.net, elb-ore-gcp.nimbus.bitdefender.net, elb-iow-gcp.nimbus.bitdefender.net, elb-tky-gcp.nimbus.bitdefender.net) | Periodical verification of antimalware detections with Bitdefender Global Protective Network |
Security Server (Multi-Platform) | Outbound | 7074 | Update Server | Downloading updates from GravityZone Update Server |
Security Server (Multi-Platform) | Outbound | 8443 | Communication Server | Link between Security Server and Communication Server |
Security Server (Multi-Platform) | Outbound | 80 | upgrade.bitdefender.com, update-onprem.2d585.cdn.bitdefender.net | Fallback for downloading updates from the Bitdefender Update Servers (the official Bitdefender repository) |
Network Sensor VA | Outbound | 443 | Sandbox Analyzer Portal: sandbox-portal.gravityzone.bitdefender.com | Communication between the feeding sensor and the virtual machines on which the sample is detonated. |
GravityZone Mobile Client | Outbound | 8443 | Communication Server | Mobile Client management |
GravityZone Mobile Client | Outbound | 443 | *.nimbus.bitdefender.net (or you can exclude instead all of the following addresses: nimbus.bitdefender.net, elb-fra-gcp.nimbus.bitdefender.net, elb-lon-gcp.nimbus.bitdefender.net, elb-nvi-gcp.nimbus.bitdefender.net, elb-ore-gcp.nimbus.bitdefender.net, elb-iow-gcp.nimbus.bitdefender.net, elb-tky-gcp.nimbus.bitdefender.net) | Antimalware and web security scanning with Bitdefender Global Protective Network (Android devices only) |
Network Attack Defense | Both | 8887 TCP | Any | Opened by BEST for Linux when Network Attack Defense (NAD) is enabled. If port 8887 is used by another application or blocked by a firewall, Network Attack Defense will not be able to receive traffic. |
*Since the Relay is an update server that must listen on a port at all times, Bitdefender provides a mechanism that automatically opens a random port on localhost (127.0.0.1), so that the update server can receive its configuration details. The update server first tries to listen on port 7075 on localhost. If port 7075 is unavailable, it searches for another free port (in the range 1025 to 65535) and binds to it on localhost.
Port 7074 must be open for deployment through Bitdefender Endpoint Security Tools Relay to work.
If you are using role balancers in your environment, make sure to allow all traffic between endpoints and role balancer and between role balancer and other roles on ports 80, 443, 8080, 8443, 27017, and 8444.
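To confirm from an endpoint that the Security Agent's outbound ports to the on-premises roles in the table are actually reachable, a small TCP check can separate a port with no listener from one a firewall is dropping. This is an added example, not Bitdefender tooling; the function names and the 192.0.2.x addresses are placeholders chosen for illustration.

```python
import socket

# Security Agent outbound ports to on-premises roles, copied from the table above.
AGENT_OUTBOUND = {
    "Update Server": [7074],
    "Communication Server": [8080, 8443],
    "Incidents Server": [8444],
    "Security Server": [7081, 7083],
}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'error: ...'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back (from the host or a rejecting firewall): nothing accepts here.
        return "refused"
    except socket.timeout:
        # No answer at all: usually a firewall silently dropping the packets.
        return "filtered"
    except OSError as exc:
        return f"error: {exc.strerror or exc}"


def check_flows(hosts, flows=AGENT_OUTBOUND, timeout=3.0):
    """Probe every port of every role that has an address in `hosts`.

    `hosts` maps a role name to the address of the appliance holding it.
    Returns a list of (role, host, port, status) tuples.
    """
    results = []
    for role, ports in flows.items():
        host = hosts.get(role)
        if host is None:
            continue  # role not deployed in this environment
        for port in ports:
            results.append((role, host, port, probe(host, port, timeout)))
    return results


if __name__ == "__main__":
    # Placeholder addresses (assumption): replace with your own appliances.
    my_hosts = {
        "Update Server": "192.0.2.10",
        "Communication Server": "192.0.2.11",
        "Incidents Server": "192.0.2.12",
        "Security Server": "192.0.2.13",
    }
    for role, host, port, status in check_flows(my_hosts):
        print(f"{role:22} {host}:{port:<5} {status}")
```

A "filtered" result on one of these ports points at a firewall rule to review, while "refused" means the path is open but the role is not listening on that appliance.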