| Port | Protocol | Direction | Required for |
|---|---|---|---|
| 20 | TCP | Out | FTP over HTTP. |
| 20 | FTP | In/Out | Backup & Restore and Transaction Log Export if using an FTP server located beyond the firewall. |
| 21 | FTP | In/Out | Backup & Restore and Transaction Log Export if using an SFTP server located beyond the firewall. |
| 22 | SSH | In | SSH access to the |
| 22 | SFTP | Out | Backup & Restore, and Server containing lexical data for import. |
| 25* | TCP | Out | Outbound SMTP. If your system uses an alternative port, open that instead. |
| 53 | TCP | Out | DNS requests, if using DNS servers beyond the firewall. Only allow outbound requests to the specified DNS servers, and responses from those servers. |
| 53 | UDP | Out | |
| 80 | TCP | Out | Access to Clearswift product and Operating System updates at repo.clearswift.net and rh.repo.clearswift.net |
| 80 | TCP | Out |
HTTP access to the Kaspersky and/or Sophos Update Servers for fetching anti-virus updates. Update servers: |
| 80 | TCP | Out |
HTTP access to the |
| 80 | TCP | Out | Access to SpamLogic Rule/Engine updates sn12.mailshell.net, db11.spamcatcher.net, verio.mailshell.net, ruledownloads.mailshell.net, tisdk.mailshell.net |
| 80 | TCP | Out | HTTP access to |
| 80 | TCP | Out | Access to the Service Availability List: services1.clearswift.net, services2.clearswift.net, services3.clearswift.net |
| 80 | TCP | Out | Access to the RSS Feed from www.clearswift.com |
| 80 | TCP | Out | Access to URL Database Updates: url1.clearswift.net, url2.clearswift.net, url3.clearswift.net, url4.clearswift.net |
| 88 | TCP | Out | User Authentication using Kerberos. |
| 88 | UDP | Out | User Authentication using Kerberos. |
| 123 | UDP | Out/In | Access to NTP services, if configured. The following servers are configured by default: 0.rhel.pool.ntp.org, 1.rhel.pool.ntp.org, 2.rhel.pool.ntp.org, 3.rhel.pool.ntp.org. |
| 135 | TCP | Out | User Authentication using NTLM. |
| 137 | UDP | Out | User Authentication using NTLM. |
| 139 | TCP | Out | User Authentication using NTLM. |
| 162 | UDP | Out | SNMP traps |
| 389 | TCP | Out | LDAP Directory access. |
| 443 | TCP | Out | HTTPS access to the |
| 443 | TCP | Out | HTTPS lexical data import |
| 443 | TCP | Out | HTTPS access to the |
| 514 | TCP | Out | Access to the central SYSLOG server. |
| 636 | TCP | Out | LDAP and SSL Connection to a non global catalog port, if you use LDAP servers beyond the firewall. |
| 443 | TCP | In | HTTP access to the |
| 443 | TCP | In/Out | Kaspersky KSN lookup (While this is using port 443, the traffic is not standard HTTP/S. Do not try to route through an SSL proxy) |
| 443 | TCP | Out |
HTTPS access to the 86.188.240.24 213.106.99.208 46.236.38.70 |
| 443 | TCP | Out | HTTPS Lexical data import |
| 443 | TCP | Out | General HTTPS web access |
| 445 | TCP | Out | User Authentication using NTLM. |
| 514 | TCP | Out | Central SYSLOG Server (log export). |
| 636 | TCP | Out | Secure LDAP Directory access |
| 990 | FTPS | Out |
Backup & Restore and Server containing lexical data for import. Transaction log export. |
| 1270 | TCP | Out/In | SCOM server access: the port used by a SCOM server when monitoring the Gateway |
| 1344 | TCP | in | ICAP Service |
| 3268 | TCP | Out |
LDAP connection to an active directory global catalog port, if you use LDAP servers beyond the firewall. |
| 3269 | TCP | Out |
LDAP connection to an active directory global catalog port, if you use LDAP servers beyond the firewall. |
| 8070 | TCP | In (slave) | HTTPS Client communication with the Master. |
| 8071 | TCP | In (master) | HTTPS Client communication with the Master. The port is only open on the Master. |
| 8090 | TCP | In (slave) | HTTPS Client communication with the Master. |
| 8444 | TCP | In | WCCPv2 |
| 8444 | TCP | In | PBR |
| 9000 | UDP | In/Out | Distribution of information to Peer |
| 9102 | TCP | In | WCCPv2 |
| 9102 | TCP | In | PBR |