Policy Enforcer Ports
You will need to open ports for Policy Enforcer to communicate with other products and devices.
Table 1 lists the ports that Policy Enforcer uses to communicate with Security Director.
Table 1: Policy Enforcer Ports to Communicate with Security Director
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 8080 | X | |
HTTPS | TCP | 443 | X |
Table 2 lists the ports that Policy Enforcer uses to communicate with SRX Series Devices.
Table 2: Policy Enforcer Ports to Communicate with SRX Series Devices
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 443 | X |
Table 3 lists the ports that Policy Enforcer uses to communicate with the Juniper ATP Cloud server to download feeds.
Connectivity between Juniper ATP Cloud and Policy Enforcer is certificate-based. Once trust is established, every request is made within the context of a valid token.
Table 3: Policy Enforcer Ports to Communicate with cloudfeeds.sky.junipersecurity.net
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 443 | X |
Table 4 lists the ports that Policy Enforcer uses to communicate with ca.junipersecurity.net.
Table 4: Policy Enforcer Ports to Communicate with ca.junipersecurity.net
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 8080 | X |
Table 5 lists the remaining Policy Enforcer services.
Table 5: Policy Enforcer Services
Service | Comments |
---|---|
DNS | Used for basic network connection. |
NTP | Used to synchronize system clocks with the Network Time Protocol (NTP). |
If you are using NSX with Policy Enforcer (or Security Director), the following ports must be opened on NSX.
Table 6: NSX Ports
Port | In | Out | Comments |
---|---|---|---|
443 | X | Used for communication between NSX and Security Director. | |
7804 | X | Used for outbound SSH-based auto-discovery of devices. | |
22 | X | Used for host management and image upload over SFTP. |