Firewall ports
You might need to open the following ports on your DMZ firewall, depending on your network configuration:
Port | Protocol | Direction | Required for |
---|---|---|---|
20 | FTP | In/Out | Backup & Restore and Transaction Log Export if you are using an FTP server. |
20 | TCP | Out | FTP over HTTP |
21 | SFTP | In/Out | Backup & Restore and Transaction Log Export if you are using an SFTP server. |
22 | TCP | In | SSH access to Secure Web Gateway. |
22 | SFTP | Out | Backup & Restore, and connection to the server containing lexical data for import |
25 | TCP | Out | Outbound SMTP. If your system uses an alternative port, open that instead. |
53 | UDP/TCP | Out | DNS requests, if using DNS servers. Only allow outbound requests to the specified DNS servers, and responses from those servers. |
80 | TCP | Out | Access to the Service Availability List: services1.clearswift.net, services2.clearswift.net, services3.clearswift.net |
80 | TCP | Out | Access to the RSS Feed from: www.clearswift.com |
88 | TCP/UDP | Out | User authentication using Kerberos |
123 | UDP | In/Out | Access to NTP services, if configured. The following servers are configured by default: 2.rhel.pool.ntp.org |
135 | TCP | Out | User authentication using NTLM |
137 | UDP | Out | User authentication using NTLM |
139 | TCP | Out | User authentication using NTLM |
162 | UDP | Out | SNMP traps |
389 | TCP | In/Out | LDAP directory access (if you use LDAP servers) |
443 | TCP | Out | HTTPS access to Secure Web Gateway Online Help |
443 | TCP | In/Out | HTTPS access to Clearswift Secure Web Gateway web interface and for communications between |
443 | TCP | Out | General HTTPS web access |
443 | TCP | Out | HTTPS lexical data import |
443 | TCP | Out | Outbound HTTPS traffic |
443 | TCP | Out | HTTPS access to certificate one-crl.clearswift.net |
443 | TCP | Out | HTTPS access to the Clearswift Update Server for license management and handling Managed Lexical Expression Lists: applianceupdate.clearswift.com |
443 | TCP | Out | HTTPS access to Clearswift product and Operating System updates: cs-products.fortra.com, cs-repos.fortra.com |
443 | TCP | Out | HTTPS access to the Sophos or Avira Update Servers for fetching anti-virus updates and software upgrades. Sophos update servers: sav-update-1.clearswift.net, sav-update-2.clearswift.net, sav-update-3.clearswift.net, sav-update-4.clearswift.net, sav-update-5.clearswift.net, sav-update-6.clearswift.net. Avira update servers: aav-update-1.clearswift.net, aav-update-2.clearswift.net, aav-update-3.clearswift.net, aav-update-4.clearswift.net, aav-update-5.clearswift.net, aav-update-6.clearswift.net, *.apc.avira.com |
443 | TCP | Out | HTTPS access to URL Database Updates: nsv10.netstar-inc.com, nsv20.netstar-inc.com, dss.netstar-inc.com, gcftelemetry.netstar-inc.com, incompass3.netstar-inc.com, nsv*.netstar-inc.com |
445 | TCP | Out | User authentication using NTLM |
514 | TCP | Out | Access to a syslog server (default port for log export) |
636 | TCP | In | Secure LDAP directory access |
636 | TCP | Out | LDAP and SSL connection to a non-global catalog port (if you are using LDAP servers) |
990 | FTPS | In/Out | Backup & Restore and Transaction Logging. Also used to connect Clearswift Secure Web Gateway with your server containing lexical data for import. |
1270 | TCP | In/Out | SCOM server access: the port used by a SCOM server when monitoring the Gateway |
3268 | TCP | Out | LDAP connection to an active directory global catalog port (if you are using LDAP servers) |
3269 | TCP | In/Out | LDAP and SSL connection to an active directory global catalog port (if you are using LDAP servers) |
3269 | TCP | Out | LDAP connection to an active directory global catalog port (if you are using LDAP) |
8444 | TCP | In | Local HTTPS server |
9000 | UDP | In/Out | Distribution of time-based policy information to |
9090 | TCP | In/Out | Connection to Red Hat Cockpit |