The following table provides information on the ports used by the GravityZone components, when the security solution is installed on the premises of your company:
Component | Direction | Port | Source / Destination | Description |
Web Console | Inbound | 80 (HTTP) | Any | Access to the Control Center web console, redirect to 443 |
443 (HTTPS) | Any | Access to the Control Center web console | ||
Outbound | 27017 | GravityZone Database Server | Access to the GravityZone Database | |
389 (LDAP) | Domain Controller | Active Directory integration | ||
636 (LDAPS) | ||||
3268 | Domain Controller Global Catalog | |||
3269 | ||||
443 | vShield Manager | vShield Manager integration | ||
Hypervisor | Communication between GravityZone and Hypervisor | |||
my.bitdefender.com | My Bitdefender account integration | |||
lv2.bitdefender.com | License validation | |||
7074 | Update Server | Downloading updates | ||
7075 | ||||
9440 | Nutanix Prism Element | Nutanix Prism Element integration | ||
Both | 4369, 5672, 6150 | GravityZone Appliance | RabbitMQ communication between all the nodes of the GravityZone management cluster | |
32002 | Web Console | Web Console to Web Console communication on distributed roles | ||
Communication Server | Inbound | 8443 | Any | Management Traffic – Security Server Agent, Mobile Client management |
Outbound | 27017 | GravityZone Database Server | Access to the GravityZone Database | |
5228, 5229, 5230 | Firebase Cloud Messaging | Push notifications to Android devices | ||
2195, 2196, 5223 | Apple Push Notification service | Push notifications to iOS devices. For more information, refer to this Apple KB article. | ||
7074 | Update Server | Downloading updates | ||
7075 | ||||
Both | 4369, 5672, 6150 | GravityZone Appliance | RabbitMQ communication between all the nodes of the GravityZone management cluster. | |
8080 | Windows XP / Windows Server 2003 | Communication with the GravityZone Appliance for normal and silent deployment | ||
Database Server | Inbound | 27017 | GravityZone Database Server | Access to the GravityZone Database |
Outbound | 7074 | Update Server | Downloading updates | |
7075 | ||||
Update Server | Inbound | 7074 | Update Server | Ports used to allow communication between Control Center and Communication Server. |
7075 | ||||
Outbound | 80 | upgrade.bitdefender.com | Publishing updates | |
download.bitdefender.com | Downloading updates | |||
443 | upgrade.bitdefender.com | Publishing updates | ||
download.bitdefender.com | Downloading updates | |||
nimbus.bitdefender.net | Antimalware, antiphishing and content control scanning with Bitdefender Cloud Servers | |||
53 | *.v1.bdnsrt.org | DNS requests for signature update checks | ||
7074 | Other local update server (optional) | Downloading updates | ||
7075 | Outside proxy servers (if configured) download.bitdefender.com upgrade.bitdefender.com lv2.bitdefender.com mybitdefender.com | Handles communication between GravityZone services and the outside world. | ||
Both | 7077 | Any | Staging Update Server communication. | |
All roles of the GravityZone VA | Outbound | 123 | Network Time Protocol server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. |
Both | 22 | GravityZone virtual appliances | Internal communication between GravityZone virtual appliances in the management cluster | |
Report Builder Database | Inbound | 27017 | Report Builder Processors | Listening for requests |
22 | SSH Server | Shell Access | ||
Outbound | N/A | N/A | N/A | |
Report Builder Processors | Inbound | 6379 | Communication Server | Listening for requests |
22 | SSH Server | Shell Access | ||
Outbound | 27017 | GravityZone Database | Access to the databases | |
Both | 80 | Web Console | Access to Web Console, redirect HTTP request to port 443; Listening for requests | |
443 | Web Console | Access to Web Console; Listening for requests | ||
Sandbox Analyzer | Both | 443 | Sandbox Analyzer Portal | Allows communication between the endpoint and the Sandbox Analyzer Portal. Handles file submission to sandbox-portal.gravityzone.bitdefender.com. |
BEST Endpoint Security | Outbound | 80 | submit.bitdefender.com | Port used for submitting endpoint dumps in case of crashes. |
upgrade.bitdefender.com | The official Bitdefender update server | |||
lv2.bitdefender.com | License validation | |||
53 | *.v1.bdnsrt.org | DNS requests for signature update checks | ||
7074 | Update Server | Downloading updates from Update Server | ||
Endpoint Security/BEST Relay (if available) | Downloading installation packages in the deployment phase from Endpoint Security/BEST Relay Communication messages received from endpoints linked to Endpoint Security/BEST Relay | |||
7076 | Bitdefender Cloud Servers: nimbus.bitdefender.net/elam/blob | Encrypted communication messages (when Endpoint Security/BEST Relay is used as a proxy) | ||
8080, 8443 | Communication Server | Link between Endpoint Security/BEST and Communication Server Downloading installation packages during deployment (Setup Downloader) | ||
443 | Web Server | Downloading installation packages during deployment (Setup Downloader) | ||
nimbus.bitdefender.net | Antimalware, antiphishing and content control scanning with Bitdefender Cloud Servers | |||
7081 | Security Server | Antimalware scanning with Security Server | ||
7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption | ||
Inbound | N/A | N/A | N/A | |
BEST Relay/Endpoint Security | Outbound | 80 | submit.bitdefender.com | Port used for submitting endpoint dumps in case of crashes. |
upgrade.bitdefender.com | The official Bitdefender update server | |||
lv2.bitdefender.com | License validation | |||
53 | *.v1.bdnsrt.org | DNS requests for signature update checks | ||
7074 | Update Server | Downloading updates from Update Server | ||
Endpoint Security/BEST Relay* (if available) | Downloading installation packages in the deployment phase from Endpoint Security/BEST Relay Communication messages received from endpoints linked to Endpoint Security/BEST Relay | |||
7076 | Bitdefender Cloud Servers: nimbus.bitdefender.net/elam/blob | Encrypted communication messages received from endpoints linked to Endpoint Security/BEST Relay | ||
7081 | Security Server | Antimalware scanning with Security Server | ||
7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption | ||
8080, 8443 | Communication Server | Link between Endpoint Security/BEST Relay and Communication Server Downloading installation packages during deployment (Setup Downloader) | ||
443 | Web Server | Downloading installation packages during deployment (Setup Downloader) | ||
nimbus.bitdefender.net/elam/blob | Early Launch Anti-Malware (ELAM) cloud server | |||
nimbus.bitdefender.net | Antimalware, antiphishing and content control scanning with Bitdefender Cloud Servers | |||
Inbound | 7074 | Endpoint Security, BEST | Communication messages (such as settings and events) received from endpoints linked to Endpoint Security/BEST Relay | |
7076 | Endpoint Security, BEST | Encrypted communication messages proxied from connected endpoints to Bitdefender Cloud Servers: nimbus.bitdefender.net/elam/blob | ||
Bitdefender Tools for Virtualized Environments Integrated with vShield | Outbound | 48651 | Security Server | Antimalware traffic scanning sent by vShield driver |
8443 | Communication Server | Link between Bitdefender Tools (for Linux) and Communication Server | ||
Inbound | N/A | N/A | N/A | |
Security Server for Virtualized Environments Integrated with vShield | Outbound | 7074 | Update Server | Downloading updates from Update Server |
8443 | Communication Server | Antimalware traffic scanning sent by vShield driver | ||
Inbound | 48652 | Any | Communication between the hypervisor and Security Server | |
Security Server for Virtualized Environments Integrated with NSX-T | Outbound | 7074 | Update Server | Downloading updates from Update Server |
8443 | Communication Server | Antimalware traffic scanning sent by vShield driver | ||
Inbound | 48652 | Any | Communication between the hypervisor and Security Server | |
Bitdefender Tools for Virtualized Environments (Multi-Platform) | Outbound | 7081 | Security Server | Antimalware scanning with Security Server |
7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption | ||
8443 | Communication Server | Communication between Bitdefender Tools and Communication Server Downloading installation packages during deployment | ||
7074 | Update Server | Downloading updates | ||
443 | Web Server | Downloading installation packages during deployment (Setup Downloader) | ||
80 | nimbus.bitdefender.net | Antimalware scanning with Bitdefender Cloud Servers | ||
Inbound | N/A | N/A | N/A | |
Security Server for Virtualized Environments (Multi-Platform) | Outbound | 443 | nimbus.bitdefender.net/katastif/manager | Anonymized information regarding violations detected by Bitdefender HVI |
nimbus.bitdefender.net | Periodical verification of antimalware detections with Bitdefender Cloud Servers | |||
7074 | Update Server | Downloading updates from Update Server | ||
8443 | Communication Server | Link between Security Server and Communication Server | ||
Inbound | 1344 | Any | Communication between NAS devices compliant with ICAP and Security Server | |
7081 | Any | Antimalware traffic scanning sent by Bitdefender Tools / BEST | ||
7083 | Any | Antimalware traffic scanning sent by Bitdefender Tools / BEST over SSL | ||
GravityZone Mobile Client | Outbound | 8443 | Communication Server | Mobile Client management |
443 | nimbus.bitdefender.net | Antimalware and web security scanning with Bitdefender Cloud Servers (Android devices only) | ||
443 | my.bitdefender.com | License validation (Android devices only) | ||
Inbound | N/A | N/A | N/A |
* Since the relay is an update server that needs to listen all the time on a port, Bitdefender provides a mechanism able to automatically open a random port on localhost (127.0.0.1), so that the update server can receive proper configuration details. This mechanism applies when the default port 7074 is used by another application. In this case, the update server tries to open the 7075 port to listen on localhost. If 7075 port is also unavailable, the update server will search for another port that is free (in range of 1025 to 65535) and successfully bind to listen on localhost.