Firewall ports

You might need to open the following ports on your DMZ firewall, depending on your network configuration:

Port Protocol Direction Required for
20 FTP In/Out Backup & Restore if using an FTP server.
21 FTP In/Out Backup & Restore and Transaction Logging if using an FTP server.
21 FTPS (exp) In/Out Backup & Restore and Transaction Logging.
22 TCP In SSH access to the console.
22 SFTP Out Backup & Restore, and, server containing lexical data for import
25 TCP In Inbound SMTP
25 TCP Out Outbound SMTP. If your system uses an alternative port, open that instead.
53 UDP/TCP Out DNS requests, if using DNS servers. Only allow outbound requests to the specified DNS servers, and responses from those servers.
80 TCP In HTTP access to the PMM interface (if using PMM)
80 TCP Out

Access to the Service Availability List:

services1.clearswift.net

services2.clearswift.net

services3.clearswift.net

80 TCP Out

Access to the RSS Feed from:

www.clearswift.com

123 UDP In/Out

Access to NTP services, if configured. The following servers are configured by default:

0.rhel.pool.ntp.org

1.rhel.pool.ntp.org

2.rhel.pool.ntp.org

3.rhel.pool.ntp.org

135 TCP Out User authentication using NTLM (when using PMM in Full Mode)
137 UDP Out User authentication using NTLM (when using PMM in Full Mode)
139 TCP Out User authentication using NTLM (when using PMM in Full Mode)
161 UDP Out SNMP inbound: the port used by an SNMP browser when scanning Secure Exchange Gateway
162 UDP Out SNMP alerts
389 TCP In/Out LDAP directory access (if you use LDAP servers)
389 TCP In/Out LDAP Key Server Queries
443 TCP In/Out HTTPS Key Server Queries
443

TCP

 In/Out HTTPS access to Clearswift Secure Exchange Gateway web interface and for communications between Peer Gateways
443 TCP Out HTTPS access to Secure Exchange Gateway Online Help
443 TCP Out

HTTPS access to the Clearswift Update Server for license management and handling Managed Lexical Expression Lists:

applianceupdate.clearswift.com

443 TCP Out

Access to Clearswift product and Operating System updates:

products.clearswift.net

rh7-repo.clearswift.net

443 TCP Out

HTTPS access to the Sophos or Avira Update Servers for fetching anti-virus updates and software upgrades.

Sophos update servers:

sav-update-1.clearswift.net

sav-update-2.clearswift.net

sav-update-3.clearswift.net

sav-update-4.clearswift.net

sav-update-5.clearswift.net

sav-update-6.clearswift.net

Avira update servers:

aav-update-1.clearswift.net

aav-update-2.clearswift.net

aav-update-3.clearswift.net

aav-update-4.clearswift.net

aav-update-5.clearswift.net

aav-update-6.clearswift.net

*.apc.avira.com

443 TCP Out

HTTPS access to Sophos URL Lookup Server:

4.sophosxl.net

445 TCP Out User authentication using NTLM (when using PMM in Full Mode)
514 TCP Out Access to a syslog server (default port for log export)
636 TCP In/Out Secure LDAP/S directory access
990 FTPS In/Out Backup & Restore and Transaction Logging.Also used to connect Clearswift Secure Exchange Gateway with your server containing lexical data for import.
3268 TCP Out LDAP connection to an active directory global catalog port (if you are using LDAP servers)
3269 TCP In/Out LDAP and SSL connection to an active directory global catalog port (if you are using LDAP servers)
9090 TCP In/Out Connection to Red Hat Cockpit
11371 TCP In/Out HTTPS Key Server Queries
19200 UDP In/Out Broadcasting of greylisting data to Peer Gateways

 

Exchange Server Firewall Ports

The following table lists the ports you might need to open in Windows Firewall on your Exchange Server:

Port Protocol Direction Required for
10443 TCP Out HTTPS access to the Clearswift Secure Exchange Gateway web service.
23953 TCP In/Out Communication with other SXG Interceptors.
23955 TCP In/Out LDAP access to SXG configuration store.