Port configuration guide
Below are the ports that need to be open for the regular functioning of DataSecurity Plus.
Product ports
The table below lists the default ports used by DataSecurity Plus. These can be changed during or after installation.
Port | Protocol | Purpose |
8800 | HTTP | Product web server and secondary port for agent to server communication |
9163 | HTTPS | Product web server and secondary port for agent to server communication |
8999 | HTTPS | Primary port for agent to server communication |
8888 | TCP | To ensure successful communication between the DataSecurity Plus server and Cloud Protection gateway server, ensure the following: |
- To check which port is being used for HTTP/HTTPS communication, open the web console and navigate to Admin > General Settings > Connection.
- To change the default ports after installation, open the DataSecurity Plus web console and navigate to Admin Console > General Settings > Connection > Change port.
- Agent port 8999 and agent protocol HTTPS are used for agent data collection. If communication over this port fails, the agent falls back to the DataSecurity Plus server port and the DataSecurity Plus server protocol.
The current fallback flow happens in a round-robin manner:
https://ServerName:8999
https://ServerFQDN:8999
https://ServerIP:8999
serverProtocol://ServerName:serverPort
serverProtocol://ServerFQDN:serverPort
serverProtocol://ServerIP:serverPort
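The fallback list above can be walked from a machine running the agent to see which endpoint would be reached first, and whether that endpoint is plain HTTP. This is an added example, not code from the DataSecurity Plus documentation. The host values are constructed placeholders, and it assumes the candidates are tried once in the order listed.

```powershell
# Added example (not vendor code). Host values below are constructed placeholders.
param(
    [string]$ServerName = 'DSPSERVER',
    [string]$ServerFqdn = 'dspserver.example.com',
    [string]$ServerIp   = '192.0.2.10',
    [ValidateSet('http', 'https')]
    [string]$ServerProtocol = 'http',   # as shown under Admin > General Settings > Connection
    [int]$ServerPort = 8800,
    [int]$AgentPort  = 8999
)

# Build the six candidates in the order the guide lists them:
# HTTPS on the agent port first, then the server protocol and port.
function Get-AgentEndpoint {
    param([string[]]$Target, [string]$Protocol, [int]$Port, [int]$PrimaryPort)
    foreach ($t in $Target) { [pscustomobject]@{ Scheme = 'https';   Target = $t; Port = $PrimaryPort } }
    foreach ($t in $Target) { [pscustomobject]@{ Scheme = $Protocol; Target = $t; Port = $Port } }
}

$endpoints = Get-AgentEndpoint -Target $ServerName, $ServerFqdn, $ServerIp `
    -Protocol $ServerProtocol -Port $ServerPort -PrimaryPort $AgentPort

$results = foreach ($ep in $endpoints) {
    # TCP connect only: this does not validate the certificate or the product's response.
    $open = Test-NetConnection -ComputerName $ep.Target -Port $ep.Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{
        Url       = '{0}://{1}:{2}' -f $ep.Scheme, $ep.Target, $ep.Port
        Reachable = [bool]$open
        Plaintext = ($ep.Scheme -eq 'http')
    }
}
$results | Format-Table -AutoSize

# Report the first candidate that accepts a connection and flag an HTTP fallback.
$first = $results | Where-Object { $_.Reachable } | Select-Object -First 1
if (-not $first) {
    Write-Warning 'No listed endpoint accepts a TCP connection; check the firewall path to the server.'
} elseif ($first.Plaintext) {
    Write-Warning "First reachable endpoint is $($first.Url): agent traffic would use HTTP after fallback."
} else {
    Write-Output "First reachable endpoint: $($first.Url)"
}
```

If the warning about HTTP appears, the agent can only reach the server over the unencrypted secondary port, so restore the path to port 8999 or switch the server protocol to HTTPS.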
System ports
The table below lists the ports on the destination computers that DataSecurity Plus uses. These ports can be opened in Windows or third-party firewalls.
Port | Protocol | Destination | Service | Purpose | Direction |
135 | TCP | Monitored computers | RPC | Agent communication | Outbound |
137 | TCP and UDP | Monitored computers | RPC | Agent communication | Outbound |
138 | UDP | Monitored computers | RPC | Agent communication | Outbound |
139 | TCP | Monitored computers | RPC | Agent communication | Outbound |
445 | TCP and UDP | Monitored computers | RPC | For listing file shares | Outbound |
389 | TCP and UDP | Domain controllers | LDAP | For syncing AD objects with DataSecurity Plus | Outbound |
636 | TCP | Domain controllers | LDAP over SSL | For syncing AD objects with DataSecurity Plus | Outbound |
3268 | TCP | Domain controllers | Global catalog | For syncing AD objects with DataSecurity Plus | Outbound |
3269 | TCP | Domain controllers | Global catalog over SSL | For syncing AD objects with DataSecurity Plus | Outbound |
88 | TCP | Domain controllers | Kerberos | For syncing AD objects with DataSecurity Plus | Outbound |
25 | TCP | SMTP servers | SMTP | To send emails | Outbound |
465 | TCP | SMTP servers | SSL | To send emails | Outbound |
587 | TCP | SMTP servers | TLS | To send emails | Outbound |
49152 - 65535 | TCP | Monitored computers | RPC randomly allocated high TCP ports | For agent communication and cluster configuration | Outbound |
- Remote registry services are required to monitor agent status and must be running on all machines that have the DataSecurity Plus agent installed.
- If you are using Windows Firewall, you can open dynamic ports 49152 to 65535 on the monitored computers by enabling the outbound rules listed below.
  - Remote Event Log Management (NP-In)
  - Remote Event Log Management (RPC)
  - Remote Event Log Management (RPC-EPMAP)
To enable the above rules, open Windows Defender Firewall with Advanced Security > Inbound Rules, right-click the respective rules, and click Enable Rule.