The following table provides information on the ports that GravityZone components use for communication.
You need to have these ports open and to exclude all addresses mentioned in this table from any gateway security solution or network packet inspection so that GravityZone functions flawlessly.
Note:
It is recommended that you do not use solutions for inspecting or scanning the traffic between endpoints, relays, GravityZone virtual appliances and Bitdefender servers, because they may change the checksum and therefore damage the downloads.
| Component | Direction | Port | Source / Destination | Description |
| Web Console (Control Center) |
Inbound | 80 (HTTP) | Any | Access to the Control Center web console, redirect to 443 |
| 443 (HTTPS) | Any | Access to the Control Center web console | ||
| Outbound | 27017 | GravityZone Database Server | Access to the GravityZone Database | |
| 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | ||
| 389 (LDAP) | Active Directory Domain Controller | Active Directory integration | ||
| 636 (LDAPS) | ||||
| 3268 | Domain Controller Global Catalog | |||
| 3269 | ||||
| 443 | NSX Manager | VMware NSX Manager integration | ||
| vCenter Server |
Communication between GravityZone and vCenter Server |
|||
| lv2.bitdefender.com | License validation | |||
| 7074 | GravityZone Update Server | Downloading updates | ||
| 7075 | ||||
| 9440 | Nutanix Prism Element | Nutanix Prism Element integration | ||
| Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster | |
|
4369, 5672, 6150 |
GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster | ||
| 32002 | Web Console | Communication between Web Console instances when this role is distributed | ||
| Communication Server | Inbound | 8443 | Any | Traffic management from/to Security Server, Security Agent, Mobile Client |
| 8080 | Agent running on Windows XP / Windows Server 2003 | Communication between the GravityZone appliance and Security Agent. | ||
| Outbound | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | |
| 27017 | GravityZone Database Server | Access to the GravityZone Database | ||
| 5228, 5229, 5230 | Firebase Cloud Messaging | Push notifications to Android devices | ||
| 2195, 2196, 5223 | Apple Push Notification service | Push notifications to iOS devices. For more information, refer to this Apple KB article. | ||
| 7074 | GravityZone Update Server | Downloading updates from the local Update Server | ||
| 7075 | ||||
| Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster | |
|
4369, |
GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster | ||
| Database Server | Inbound | 27017 | GravityZone Database Server | Access to other GravityZone database instances and replica set members. |
| Outbound | 7074 | GravityZone Update Server | Downloading updates | |
| 7075 | ||||
| 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | ||
| Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster | |
| Update Server | Outbound | 80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net |
Downloading updates from the online Bitdefender Update Servers (the official repository) |
| download.bitdefender.com | Downloading installation kits | |||
| 27017 | GravityZone Database Server | Access to the GravityZone Database | ||
| 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | ||
| 443 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net |
Publishing updates | ||
| download.bitdefender.com | Downloading updates | |||
| nimbus.bitdefender.net | Antimalware, antiphishing and content control scanning with Bitdefender Global Protective Network | |||
| 53 | *.v1.bdnsrt.org | DNS requests for signature update checks | ||
| Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster | |
| 7074 | GravityZone Update Server | Downloading updates | ||
| 7075 | Outside proxy servers (if configured) download.bitdefender.com upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net lv2.bitdefender.com |
Handles communication between GravityZone services and the outside world | ||
| 7077 | Any | Staging Update Server communication. | ||
| Report Builder Database | Inbound | 27017 | Report Builder Processors | Listening for requests |
| Outbound | 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | |
| 7074 | GravityZone Update Server | Downloading updates | ||
| 7075 | ||||
| Both | 22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster | |
| Report Builder Processors | Inbound | 6379 | Communication Server | Listening for requests |
| Outbound | 27017 | GravityZone Report Builder Database | Access to the Report Builder Database | |
| 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | ||
| Both | 80 | Web Console | Access to Web Console, redirect HTTP request to port 443; Listening for requests | |
| 443 | Web Console | Access to Web Console; Listening for requests | ||
| 22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster | ||
| Incidents Server | Inbound | 8444 | Security Agent | Traffic between the Security agent and the Incidents server. |
| Relay Agent | Traffic between the Relay agent and the Incidents server. | |||
| Outbound | 27017 | GravityZone Database Server | Access to the GravityZone Database | |
| 7074 | GravityZone Update Server | Downloading updates from the local Update Server | ||
| 7075 | ||||
| 123 | Network Time Protocol (NTP) server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | ||
| Both | 4369, 5672, 6150 |
GravityZone virtual appliances | RabbitMQ communication between the GravityZone appliances in the management cluster. | |
| 22 | SSH Server | Internal communication between GravityZone virtual appliances in the management cluster. | ||
| Security Agent (BEST, BEST Legacy, Endpoint Security, Endpoint Security for Mac) | Outbound | 80 | submit.bitdefender.com | Port used for submitting endpoint dumps in case of crashes. |
| upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net |
Downloading updates from the online Bitdefender Update Servers (the official repository) | |||
| lv2.bitdefender.com | License validation | |||
| 53 | *.v1.bdnsrt.org | DNS requests for signature update checks | ||
| 7074 | GravityZone Update Server | Downloading updates from GravityZone Update Server | ||
| Relay (if available) | Downloading installation packages in the deployment phase from the Relay Communication messages received from endpoints linked to the Relay |
|||
| 7076 | Bitdefender Global Protective Network: nimbus.bitdefender.net |
Encrypted communication messages (when the Relay is used as a proxy) | ||
| 8080, 8443 | Communication Server | Link between the Security Agent and Communication Server Downloading installation packages during deployment (Setup Downloader) |
||
| 443 | Web Server | Downloading installation packages during deployment (Setup Downloader) | ||
| upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net |
Downloading updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel | |||
| Sandbox Analyzer Portal: sandbox-portal.gravityzone.bitdefender.com sandbox-portal-us.gravityzone.bitdefender.com |
Communication between the feeding sensor and the virtual machines from Sandbox Analyzer Cluster on which the sample is detonated. | |||
| Sandbox Analyzer VA | Communication between the feeding sensor and the virtual machines from Sandbox Analyzer Virtual Appliance on which the sample is detonated. | |||
| nimbus.bitdefender.net | Antimalware, antiphishing and content control scanning with Bitdefender Global Protective Network | |||
| 7081 | Security Server | Antimalware scanning with Security Server | ||
| 7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption | ||
| Relay Agent | Inbound | 7074 | Security Agent | Communication messages (such as settings and events) received from endpoints linked to the Relay |
| 7076 | Security Agent | Encrypted communication messages proxied from connected endpoints to Bitdefender Global Protective Network: nimbus.bitdefender.net |
||
| Outbound | ||||
| 80 | submit.bitdefender.com | Port used for submitting endpoint dumps in case of crashes. | ||
| upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net |
Downloading updates from the online Bitdefender Update Servers (the official repository) | |||
| lv2.bitdefender.com | License validation | |||
| 53 | *.v1.bdnsrt.org | DNS requests for signature update checks | ||
| 7074 | GravityZone Update Server | Downloading updates from GravityZone Update Server | ||
| Relay* (if available) | Downloading installation packages in the deployment phase from another Relay Communication messages received from endpoints linked to the Relay |
|||
| 7076 | Bitdefender Global Protective Network: nimbus.bitdefender.net |
Encrypted communication messages received from endpoints linked to the Relay Agent | ||
| 7081 | Security Server | Antimalware scanning with Security Server | ||
| 7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption | ||
| 8080, 8443 | Communication Server | Link between the Relay Agent and Communication Server Downloading installation packages during deployment (Setup Downloader) |
||
| 443 | Web Server | Downloading installation packages during deployment (Setup Downloader) | ||
|
upgrade.bitdefender.com |
Downloading updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel | |||
| nimbus.bitdefender.net/elam/blob | Early Launch Anti-Malware (ELAM) cloud server | |||
| nimbus.bitdefender.net | Antimalware, antiphishing and content control scanning with Bitdefender Global Protective Network | |||
| Bitdefender Tools (vShield) | Outbound | 48651 | Security Server | Antimalware traffic scanning sent by vShield driver |
| 8443 | Communication Server | Link between Bitdefender Tools (for Linux) and Communication Server | ||
| Security Server (vShield) | Inbound | 48652 | Any | Communication between the hypervisor and Security Server |
| 6379 | Security Server | Allows traffic between Security Servers for scan cache sharing protocol. | ||
| Outbound | 7074 | GravityZone Update Server | Downloading updates from GravityZone Update Server | |
| 8443 | Communication Server | Antimalware traffic scanning sent by vShield driver | ||
| 443 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net |
Fallback for downloading updates from the Bitdefender Update Servers (the official repository) over an encrypted channel | ||
| 80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net |
Fallback for downloading updates from the Bitdefender Update Servers (the official repository) | ||
| Security Server (VMware NSX-T / NSX-V) | Inbound | 48652 | Guest Introspection driver | Communication between the hypervisor and Security Server |
| 6379 | Security Server | Allows traffic between Security Servers for scan cache sharing protocol. | ||
| 22 | SSH Server | Allows remote SSH connections and file downloading from the Security Server quarantine. | ||
| Outbound | 7074 | GravityZone Update Server | Downloading updates from Update Server | |
| 80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net |
Fallback for downloading updates from the Bitdefender Update Servers (the official repository) | ||
| download.bitdefender.com | Downloading installation kits | |||
| 443 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net |
Fallback for downloading updates from the Bitdefender Update Servers (the official repository) over an encrypted channel | ||
| download.bitdefender.com | Downloading updates | |||
| 8443 | Communication Server | Link between Security Server and Communication Server | ||
| Bitdefender Tools (Multi-Platform) | Outbound | 7081 | Security Server | Antimalware scanning with Security Server |
| 7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption | ||
| 8443 | Communication Server | Communication between Bitdefender Tools and Communication Server Downloading installation packages during deployment |
||
| 7074 | GravityZone Update Server | Downloading updates | ||
| 443 | Web Server | Downloading installation packages during deployment (Setup Downloader) | ||
| 80 | nimbus.bitdefender.net | Antimalware scanning with Bitdefender Global Protective Network | ||
| Security Server (Multi-Platform) | Inbound | 1344 | Any | Communication between NAS devices compliant with ICAP and Security Server |
| 7081 | Any | Antimalware traffic scanning sent by Security Agent | ||
| 7083 | Any | Antimalware traffic scanning sent by Security Agent over SSL | ||
| 6379 | Security Server | Allows traffic between Security Servers for scan cache sharing protocol. | ||
| Outbound | 443 | nimbus.bitdefender.net/katastif/manager | Anonymized information regarding violations detected by Bitdefender HVI | |
| upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net |
Fallback for downloading updates from the online Bitdefender Update Servers (the official repository) over an encrypted channel | |||
| download.bitdefender.com | Downloading updates | |||
| nimbus.bitdefender.net | Periodical verification of antimalware detections with Bitdefender Global Protective Network | |||
| 7074 | GravityZone Update Server | Downloading updates from GravityZone Update Server | ||
| 8443 | Communication Server | Link between Security Server and Communication Server | ||
| 80 | upgrade.bitdefender.com update-onprem.2d585.cdn.bitdefender.net |
Fallback for downloading updates from the Bitdefender Update Servers (the official repository) | ||
| download.bitdefender.com | Downloading installation kits | |||
| Sandbox Analyzer VA | Inbound | 443 | Any | Communication between the feeding sensors and the virtual machines from Sandbox Analyzer Virtual Appliance on which the sample is detonated. |
| Outbound | 8443 | Communication Server | Communication between Sandbox Analyzer Virtual Appliance and Communication Server. | |
| Network Security VA | Outbound | 443 | Sandbox Analyzer VA | Communication between the Network Security VA (Network Sensor) and the virtual machines from Sandbox Analyzer Virtual Appliance on which the sample is detonated. |
| 8443 | Communication Server | Communication between Network Security Virtual Appliance (Network Sensor) and Communication Server. | ||
| GravityZone Mobile Client | Outbound | 8443 | Communication Server | Mobile Client management |
| 443 | nimbus.bitdefender.net | Antimalware and web security scanning with Bitdefender Global Protective Network (Android devices only) | ||
| Secure VPN Cluster | Both | 4500 (UDP) | GravityZone virtual appliances | Used for NAT traversal mode |
| 500 (UDP) | GravityZone virtual appliances | Allows Internet Security Association and Key Management Protocol (ISAKMP) traffic between GravityZone virtual appliances using the IPsec tool. |
* Since the relay is an update server that needs to listen all the time on a port, Bitdefender provides a mechanism able to automatically open a random port on localhost (127.0.0.1), so that the update server can receive proper configuration details. This mechanism applies when the default port 7074 is used by another application. In this case, the update server tries to open the 7075 port to listen on localhost. If 7075 port is also unavailable, the update server will search for another port that is free (in range of 1025 to 65535) and successfully bind to listen on localhost.
