You will need to open ports for Policy Enforcer to communicate with other products and devices.
Table 314 lists the ports that Policy Enforcer uses to communicate with Security Director.
Table 314: Policy Enforcer Ports to Communicate with Security Director
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 8080 | X | |
HTTPS | TCP | 443 | X |
Table 315 lists the ports that Policy Enforcer uses to communicate with SRX Series Devices.
Table 315: Policy Enforcer Ports to Communicate with SRX Series Devices
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 443 | X |
Table 316 lists the ports that Policy Enforcer uses to communicate with the Sky ATP server to download feeds.
Note: Connectivity between Sky ATP and Policy Enforcer is certificate-based. Once trust is established, every request is made within the context of a valid token.
Table 316: Policy Enforcer Ports to Communicate with cloudfeeds.sky.junipersecurity.net
Service | Protocol | Port | In | Out |
---|---|---|---|---|
HTTPS | TCP | 443 | X |
Table 317 lists the remaining Policy Enforcer services.
Table 317: Policy Enforcer Services
Service | Comments |
---|---|
DNS | Used for basic network connection. |
NTP | Used to synchronize system clocks with the Network Time Protocol (NTP). |
If you are using NSX with Policy Enforcer (or Security Director), the following ports must be opened on NSX.
Table 318: NSX Ports
Port | In | Out | Comments |
---|---|---|---|
443 | X | Used for communication between NSX and Security Director. | |
7804 | X | Used for outbound SSH-based auto discovery of devices. | |
22 | X | Used for host management and image upload over SFTP. |
The following ports must be opened from Policy Enforcer, Junos Space, and SRX Series devices for bidirectional traffic between nodes:
Security Director or Policy Enforcer to Internet—8080, 443
Policy Enforcer to SRX Series devices—8080, 443
Policy Enforcer to Security Director—443, 8080
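The following preflight check is an added example, not part of the Juniper documentation. Run from the Policy Enforcer host, it probes the TCP ports listed above and separates a port that is open from one that is refused (path open, no listener) or filtered (no answer, typically a firewall drop). The Security Director and SRX hostnames are placeholders chosen for illustration.

```python
import socket

# Flows taken from the port lists on this page. The first two hostnames are
# placeholders (assumptions); replace them with your own addresses.
REQUIRED_FLOWS = {
    "Policy Enforcer to Security Director": ("sd.example.net", (443, 8080)),
    "Policy Enforcer to SRX Series devices": ("srx1.example.net", (8080, 443)),
    "Policy Enforcer to Sky ATP feeds": ("cloudfeeds.sky.junipersecurity.net", (443,)),
}

def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'unresolved' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"   # name lookup failed: check the DNS service first
    except ConnectionRefusedError:
        return "refused"      # packets pass, but nothing listens on the port
    except OSError:
        return "filtered"     # timeout or unreachable: likely dropped in transit

def check_flows(flows, timeout=3.0):
    """Probe every (host, port) pair; return {(flow, host, port): state}."""
    results = {}
    for name, (host, ports) in flows.items():
        for port in ports:
            results[(name, host, port)] = probe(host, port, timeout)
    return results

def blocked(results):
    """Return the sorted (flow, host, port) keys that did not answer 'open'."""
    return sorted(key for key, state in results.items() if state != "open")

if __name__ == "__main__":
    results = check_flows(REQUIRED_FLOWS)
    for (name, host, port), state in sorted(results.items()):
        print(f"{state:10} {name}: {host}:{port}/tcp")
    raise SystemExit(1 if blocked(results) else 0)
```

A "refused" result points at the service on the peer rather than at the firewall, while "filtered" points at a rule that still needs to be opened.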
© 2020 Juniper Networks, Inc. All rights reserved