You will need to open ports for Policy Enforcer to communicate with other products and devices.
Table 296 lists the ports that Policy Enforcer uses to communicate with Security Director.
Table 296: Policy Enforcer Ports to Communicate with Security Director
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 8080 | X | |
HTTPS | TCP | 443 | X |
Table 297 lists the ports that Policy Enforcer uses to communicate with SRX Series Devices.
Table 297: Policy Enforcer Ports to Communicate with SRX Series Devices
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 443 | X |
Table 298 lists the ports that Policy Enforcer uses to communicate with the Sky ATP server to download feeds.
Note: Connectivity between Sky ATP and Policy Enforcer is certificate-based. Once trust is established, every request is made within the context of a valid token.
Table 298: Policy Enforcer Ports to Communicate with cloudfeeds.sky.junipersecurity.net
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 443 | X |
Table 299 lists the remaining Policy Enforcer services.
Table 299: Policy Enforcer Services
Service | Comments |
---|---|
DNS | Used for basic network connection. |
NTP | Used to synchronize system clocks with the Network Time Protocol (NTP). |
If you are using NSX with Policy Enforcer (or Security Director), the following ports must be opened on NSX.
Table 300: NSX Ports
Port | In | Out | Comments |
---|---|---|---|
443 | X | Used for communication between NSX and Security Director. | |
7804 | X | Used for outbound SSH-based auto discovery of devices. | |
22 | X | Used for host management and image upload over SFTP. |
The following ports must be opened from Policy Enforcer, Junos Space, and SRX Series devices for bidirectional traffic between nodes:
Security Director or Policy Enforcer to Internet—8080, 443
Policy Enforcer to SRX Series devices—8080, 443
Policy Enforcer to Security Director—443, 8080
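
The following preflight check is an added example, not Juniper tooling. Run from the Policy Enforcer host, it attempts an outbound TCP connection to each peer on the ports in the list above and separates a timeout (typically a firewall dropping the traffic) from a refusal (path open, no service listening). The role names and the 192.0.2.x addresses are assumptions; substitute your own hosts. It does not test inbound reachability.

```python
import socket
import sys

# Port matrix taken from the bidirectional-traffic list above.
# The role names are hypothetical labels chosen for this example.
REQUIRED_PORTS = {
    "security-director": (443, 8080),
    "srx": (8080, 443),
    "internet": (8080, 443),
}

def tcp_reachable(host, port, timeout=3.0):
    """Try one TCP connect; return (ok, reason)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "open"
    except socket.timeout:
        # No answer at all: usually a firewall silently dropping packets.
        return False, "timeout (filtered?)"
    except ConnectionRefusedError:
        # RST received: the path is open but nothing listens on the port.
        return False, "refused (no listener)"
    except OSError as exc:
        # Name resolution failure, no route to host, and similar.
        return False, f"error: {exc}"

def preflight(peers, matrix=REQUIRED_PORTS, timeout=3.0):
    """peers maps role -> host. Returns (role, host, port, ok, reason) tuples."""
    results = []
    for role, host in peers.items():
        for port in matrix[role]:
            ok, reason = tcp_reachable(host, port, timeout)
            results.append((role, host, port, ok, reason))
    return results

if __name__ == "__main__":
    # Constructed placeholder addresses (TEST-NET-1); replace with real peers.
    peers = {"security-director": "192.0.2.10", "srx": "192.0.2.20"}
    results = preflight(peers)
    for role, host, port, ok, reason in results:
        status = "OK  " if ok else "FAIL"
        print(f"{status} {role:18} {host}:{port}/tcp {reason}")
    # Non-zero exit lets a deployment script stop before installation.
    sys.exit(0 if all(r[3] for r in results) else 1)
```
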
© 2020 Juniper Networks, Inc. All rights reserved