Policy Enforcer Ports
When Policy Enforcer is used in a Connected Security deployment, SRX Series devices do not submit files for detection through Policy Enforcer. They still need to reach the Sky ATP cloud server over the internet to submit files for malware detection and analysis. If the SRX Series devices reach the internet through another firewall or proxy, that device must have ports 8080 and 443 open.
You will need to open ports for Policy Enforcer to communicate with other products and devices.
Table 1 lists the ports that Policy Enforcer uses to communicate with Security Director.
Table 1: Policy Enforcer Ports to Communicate with Security Director
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 8080 | X | |
HTTPS | TCP | 443 | X | |
Table 2 lists the ports that Policy Enforcer uses to communicate with SRX Series Devices.
Table 2: Policy Enforcer Ports to Communicate with SRX Series Devices
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 443 | X | |
Table 3 lists the ports that Policy Enforcer uses to communicate with the Juniper ATP Cloud server to download feeds.
Connectivity between Juniper ATP Cloud and Policy Enforcer is certificate-based. Once trust is established, every request is made in the context of a valid token.
Table 3: Policy Enforcer Ports to Communicate with cloudfeeds.sky.junipersecurity.net
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 443 | X | |
Table 4 lists the ports that Policy Enforcer uses to communicate with ca.junipersecurity.net.
Table 4: Policy Enforcer Ports to Communicate with ca.junipersecurity.net
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 8080 | X | |
Table 5 lists the remaining Policy Enforcer services.
Table 5: Policy Enforcer Services
Service | Comments |
---|---|
DNS | Used for basic network connection. |
NTP | Used to synchronize system clocks with the Network Time Protocol (NTP). |
If you are using NSX with Policy Enforcer (or Security Director), the following ports must be opened on NSX.
Table 6: NSX Ports
Port | In | Out | Comments |
---|---|---|---|
443 | X | | Used for communication between NSX and Security Director. |
7804 | X | | Used for outbound SSH-based auto discovery of devices. |
22 | X | | Used for host management and image upload over SFTP. |
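The port matrix in Tables 1 through 4 is easiest to verify with a quick reachability check before opening a support case. The script below is an added example and is not Juniper's code: it encodes those tables as data and reports which host:port pairs do not accept a TCP connection from wherever it runs. Hostnames for the in-house systems (`security-director.example.internal`, `srx-1.example.internal`) are placeholders to replace; the two Juniper ATP Cloud hostnames are the ones named on this page. Rows the tables mark as inbound to Policy Enforcer are best probed from the peer (Security Director or the SRX), the cloud rows from the Policy Enforcer VM itself.

```python
"""Reachability check for the Policy Enforcer port matrix (added example, not Juniper's code)."""
import socket
from dataclasses import dataclass
from typing import Callable, List

# A connector returns True when a TCP handshake to (host, port) completes within timeout.
Connector = Callable[[str, int, float], bool]


@dataclass(frozen=True)
class PortRequirement:
    peer: str       # which system the page says Policy Enforcer talks to
    host: str       # hostname to probe
    port: int       # TCP port from the page's table
    direction: str  # "in" mirrors the page's "In" column (peer connects to Policy Enforcer)


# Built from Tables 1-4. In-house hostnames are placeholders (assumption);
# the Juniper ATP Cloud hostnames are the ones the page names.
REQUIREMENTS: List[PortRequirement] = [
    PortRequirement("Security Director", "security-director.example.internal", 8080, "in"),
    PortRequirement("Security Director", "security-director.example.internal", 443, "in"),
    PortRequirement("SRX Series device", "srx-1.example.internal", 443, "in"),
    PortRequirement("Juniper ATP Cloud feeds", "cloudfeeds.sky.junipersecurity.net", 443, "in"),
    PortRequirement("Juniper ATP Cloud CA", "ca.junipersecurity.net", 8080, "in"),
]


def tcp_connect(host: str, port: int, timeout: float = 3.0) -> bool:
    """Attempt a plain TCP connect; DNS failure, refusal and timeout all count as unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def run_checks(requirements: List[PortRequirement],
               connect: Connector = tcp_connect,
               timeout: float = 3.0) -> List[dict]:
    """Probe every requirement once and return one result record per table row."""
    results = []
    for req in requirements:
        results.append({
            "peer": req.peer,
            "endpoint": f"{req.host}:{req.port}/tcp",
            "direction": req.direction,
            "reachable": connect(req.host, req.port, timeout),
        })
    return results


def unreachable(results: List[dict]) -> List[str]:
    """Endpoints that failed, i.e. rules an intermediate firewall or proxy still has to allow."""
    return [r["endpoint"] for r in results if not r["reachable"]]


if __name__ == "__main__":
    checks = run_checks(REQUIREMENTS)
    for r in checks:
        state = "ok  " if r["reachable"] else "FAIL"
        print(f"{state} {r['endpoint']:50} {r['peer']}")
    missing = unreachable(checks)
    print(f"\n{len(missing)} of {len(checks)} endpoints unreachable: {missing}")
```

The `connect` parameter exists so the matrix can be exercised without network access (for example against a fake connector in a unit test) and so the same table can drive a different probe, such as one routed through the proxy that the SRX Series devices use.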