1-15
Firepower 7000 and 8000 Series Installation Guide
Chapter 1 Introduction to the Firepower System
Security, Internet Access, and Communication Ports
Note that the system allows you to change some of its communication ports:
• You can specify custom ports for LDAP and RADIUS authentication when you configure a connection between the system and the authentication server; see the Firepower Management Center Configuration Guide.
• You can change the management port (8305/tcp); see the Firepower Management Center Configuration Guide. However, Cisco strongly recommends that you keep the default setting. If you change the management port, you must change it for all appliances in your deployment that need to communicate with each other.
• You can use port 32137/tcp to allow upgraded Firepower Management Centers to communicate with the Collective Security Intelligence Cloud. However, Cisco recommends you switch to port 443, which is the default for fresh installations of Version 6.0 and later. For more information, see the Firepower Management Center Configuration Guide.
The following table lists the open ports required by each appliance type so that you can take full advantage of Firepower System features.
Table 1-7 Default Communication Ports for Firepower System Features and Operations

| Port | Description | Direction | Is Open on... | To... |
|---|---|---|---|---|
| 22/tcp | SSH/SSL | Bidirectional | Any | allow a secure remote connection to the appliance. |
| 25/tcp | SMTP | Outbound | Any | send email notices and alerts from the appliance. |
| 53/tcp | DNS | Outbound | Any | use DNS. |
| 67/udp, 68/udp | DHCP | Outbound | Any | use DHCP. Note: These ports are closed by default. |
| 80/tcp | HTTP | Outbound | Any except virtual devices and ASA FirePOWER | allow the RSS Feed dashboard widget to connect to a remote web server. |
| 80/tcp | HTTP | Bidirectional | Management Center | update custom and third-party Security Intelligence feeds via HTTP; download URL category and reputation data (port 443 also required). |
| 161/udp | SNMP | Bidirectional | Any except virtual devices and ASA FirePOWER | allow access to an appliance's MIBs via SNMP polling. |
| 162/udp | SNMP | Outbound | Any | send SNMP alerts to a remote trap server. |
| 389/tcp, 636/tcp | LDAP | Outbound | Any except virtual devices | communicate with an LDAP server for external authentication. |
| 389/tcp, 636/tcp | LDAP | Outbound | Management Center | obtain metadata for detected LDAP users. |
| 443/tcp | HTTPS | Inbound | Any except virtual devices and ASA FirePOWER | access an appliance's web interface. |
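Added example, not Cisco tooling and not part of the installation guide: a small audit script that encodes the rows of Table 1-7 visible on this page together with the "Is Open on..." exclusions and the closed-by-default DHCP note, then compares a perimeter or host-firewall allow-list against the ports an appliance type actually needs. It also checks the management-port rule from the bullet list above (every appliance that must talk to another has to use the same port, 8305/tcp by default). The appliance family names, the allow-list and the deployment inventory are constructed sample data; "unexpected" means "not among the rows transcribed here", since the table continues beyond this page.

```python
"""Audit a firewall allow-list against the Firepower port requirements in Table 1-7.

Added illustration (not Cisco tooling).  PORT_RULES is transcribed from the rows of
Table 1-7 shown on this page; the allow-list and inventory below are constructed."""
from dataclasses import dataclass

# Appliance families used to express the "Is Open on..." column (names are assumptions).
ALL = frozenset({"management_center", "physical_device", "virtual_device", "asa_firepower"})
NOT_VIRTUAL = ALL - {"virtual_device"}
NOT_VIRTUAL_OR_ASA = ALL - {"virtual_device", "asa_firepower"}


@dataclass(frozen=True)
class PortRule:
    port: int
    proto: str
    direction: str            # "inbound", "outbound" or "bidirectional"
    open_on: frozenset        # appliance families the row applies to
    purpose: str
    closed_by_default: bool = False


# Rows of Table 1-7 as printed on this page.
PORT_RULES = (
    PortRule(22, "tcp", "bidirectional", ALL, "SSH/SSL remote connection"),
    PortRule(25, "tcp", "outbound", ALL, "SMTP email notices and alerts"),
    PortRule(53, "tcp", "outbound", ALL, "DNS"),
    PortRule(67, "udp", "outbound", ALL, "DHCP", closed_by_default=True),
    PortRule(68, "udp", "outbound", ALL, "DHCP", closed_by_default=True),
    PortRule(80, "tcp", "outbound", NOT_VIRTUAL_OR_ASA, "RSS Feed dashboard widget"),
    PortRule(80, "tcp", "bidirectional", frozenset({"management_center"}),
             "Security Intelligence feeds and URL category data via HTTP"),
    PortRule(161, "udp", "bidirectional", NOT_VIRTUAL_OR_ASA, "SNMP polling of MIBs"),
    PortRule(162, "udp", "outbound", ALL, "SNMP traps to a remote trap server"),
    PortRule(389, "tcp", "outbound", NOT_VIRTUAL, "LDAP external authentication"),
    PortRule(636, "tcp", "outbound", NOT_VIRTUAL, "LDAP external authentication"),
    PortRule(389, "tcp", "outbound", frozenset({"management_center"}), "LDAP user metadata"),
    PortRule(636, "tcp", "outbound", frozenset({"management_center"}), "LDAP user metadata"),
    PortRule(443, "tcp", "inbound", NOT_VIRTUAL_OR_ASA, "HTTPS web interface"),
)


def required_flows(appliance):
    """Return the set of (port, proto, direction) flows an appliance family needs.

    'bidirectional' expands to inbound+outbound; closed-by-default rows are skipped
    so that a least-privilege policy does not open DHCP unless it is actually used."""
    flows = set()
    for rule in PORT_RULES:
        if appliance not in rule.open_on or rule.closed_by_default:
            continue
        dirs = ("inbound", "outbound") if rule.direction == "bidirectional" else (rule.direction,)
        for d in dirs:
            flows.add((rule.port, rule.proto, d))
    return flows


def audit_policy(appliance, allowed):
    """Compare an allow-list (set of (port, proto, direction)) with the documented need.

    Returns (missing, unexpected): flows the table requires but the policy blocks,
    and flows the policy permits that no transcribed row calls for."""
    need = required_flows(appliance)
    return sorted(need - allowed), sorted(allowed - need)


def check_management_ports(inventory, default=8305):
    """Apply the management-port rule: all appliances must agree with the Management
    Center's port.  Returns (deviates_from_default, [names that do not match])."""
    mc_port = next(a["mgmt_port"] for a in inventory if a["type"] == "management_center")
    mismatched = [a["name"] for a in inventory if a["mgmt_port"] != mc_port]
    return mc_port != default, mismatched


# Constructed sample: a host-firewall allow-list written for a Management Center.
SAMPLE_ALLOWED = {
    (22, "tcp", "inbound"), (22, "tcp", "outbound"),
    (443, "tcp", "inbound"),
    (25, "tcp", "outbound"), (53, "tcp", "outbound"),
    (80, "tcp", "inbound"), (80, "tcp", "outbound"),
    (161, "udp", "inbound"), (161, "udp", "outbound"),
    (162, "udp", "outbound"),
    (389, "tcp", "outbound"),          # LDAP allowed, but 636/tcp (LDAPS) was forgotten
    (67, "udp", "outbound"),           # DHCP left open although it is closed by default
}

# Constructed sample deployment inventory (names and types are assumptions).
SAMPLE_INVENTORY = [
    {"name": "fmc-1", "type": "management_center", "mgmt_port": 8305},
    {"name": "sensor-a", "type": "physical_device", "mgmt_port": 8305},
    {"name": "sensor-b", "type": "physical_device", "mgmt_port": 8306},  # will not register
]

if __name__ == "__main__":
    missing, unexpected = audit_policy("management_center", SAMPLE_ALLOWED)
    print("missing flows:   ", missing)
    print("unexpected flows:", unexpected)
    print("management port: ", check_management_ports(SAMPLE_INVENTORY))
```

Running it reports 636/tcp outbound as missing (external LDAP authentication over LDAPS would fail) and 67/udp outbound as unexpected (open although the appliance leaves DHCP closed by default), and flags sensor-b as unable to talk to the Management Center because its management port differs. Virtual devices and ASA FirePOWER come out with far shorter required-flow sets, which is exactly the point of the "Is Open on..." column.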