Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Policy Enforcer Ports

Note:

While using Policy Enforcer in Connected Security deployment, SRX Series Firewalls"?>SRX Series Firewalls do not submit files for detection via Policy Enforcer. SRX Series Firewalls"?>SRX Series Firewalls still need to reach the ATP Cloud cloud server via internet, to submit files for malware detection and analysis. If SRX Series Firewalls"?>SRX Series Firewalls are connected to the internet via another firewall or proxy, then that device must have 8080 and 443 ports open.

You will need to open ports for Policy Enforcer to communicate with other products and devices.

Table 1 lists the ports that Policy Enforcer uses to communicate with Security Director.

Table 1: Policy Enforcer Ports to Communicate with Security Director

Service

Protocol

Port

In

Out

HTTPS

TCP

8080

X

HTTPS

TCP

443

X

Table 2 lists the ports that Policy Enforcer uses to communicate with SRX Series Firewalls.

Table 2: Policy Enforcer Ports to Communicate with SRX Series Firewalls

Service

Protocol

Port

In

Out

HTTPS

TCP

443

X

Table 3 lists the ports that Policy Enforcer uses to communicate with the Juniper ATP Cloud server to download feeds.

Note:

Connectivity between Juniper ATP Cloud and Policy Enforcer is certificate-based. Once the trust is established, every request is within a context of valid token.

Table 4 lists the ports that Policy Enforcer uses to communicate with ca.junipersecurity.net.

Table 3: Policy Enforcer Ports to Communicate with cloudfeeds.sky.junipersecurity.net

Service

Protocol

Port

In

Out

HTTPS

TCP

443

X

Table 4 lists the ports that Policy Enforcer uses to communicate with ca.junipersecurity.net.

Table 4: Policy Enforcer Ports to Communicate with ca.junipersecurity.net

Service

Protocol

Port

In

Out

HTTPS

TCP

8080

X

Table 5 lists the remaining Policy Enforcer services.

Table 5: Policy Enforcer Services

Service

Comments

DNS

Used for basic network connection.

NTP

Used to synchronize system clocks with the Network Time Protocol (NTP).

If you are using NSX with Policy Enforcer (or Security Director), the following ports must be opened on NSX.

Table 6: NSX Ports

Port

In

Out

Comments

443

X

Used for communication between NSX and Security Director.

7804

X

Used for outbound SSH based auto discovery of devices.

22

X

Used for host management and image upload over sftp.