Policy Enforcer Ports

You will need to open ports for Policy Enforcer to communicate with other products and devices.

Table 312 lists the ports that Policy Enforcer uses to communicate with Security Director.

Table 312: Policy Enforcer Ports to Communicate with Security Director

 

Service

Protocol

Port

In

Out

HTTPS

TCP

8080

X

HTTPS

TCP

443

X

Table 313 lists the ports that Policy Enforcer uses to communicate with SRX Series Devices.

Table 313: Policy Enforcer Ports to Communicate with SRX Series Devices

 

Service

Protocol

Port

In

Out

HTTPS

TCP

443

X

Table 314 lists the ports that Policy Enforcer uses to communicate with the Sky ATP server to download feeds.

Note Connectivity between Sky ATP and Policy Enforcer is certificate-based. Once the trust is established, every request is within a context of valid token.

Table 314: Policy Enforcer Ports to Communicate with cloudfeeds.sky.junipersecurity.net

 

Service

Protocol

Port

In

Out

HTTPS

TCP

443

X

Table 315 lists the remaining Policy Enforcer services.

Table 315: Policy Enforcer Services

 

Service

Comments

DNS

Used for basic network connection.

NTP

Used to synchronize system clocks with the Network Time Protocol (NTP).

If you are using NSX with Policy Enforcer (or Security Director), the following ports must be opened on NSX.

Table 316: NSX Ports

 

Port

In

Out

Comments

443

X

Used for communication between NSX and Security Director.

7804

X

Used for outbound SSH based auto discovery of devices.

22

X

Used for host management and image upload over sftp.

The following ports must be opened from Policy Enforcer, Junos Space, and SRX Series devices for bidirectional traffic between nodes: