Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Policy Enforcer Ports

 

You will need to open ports for Policy Enforcer to communicate with other products and devices.

Table 1 lists the ports that Policy Enforcer uses to communicate with Security Director.

Table 1: Policy Enforcer Ports to Communicate with Security Director

Service

Protocol

Port

In

Out

HTTPS

TCP

8080

X

HTTPS

TCP

443

X

Table 2 lists the ports that Policy Enforcer uses to communicate with SRX Series Devices.

Table 2: Policy Enforcer Ports to Communicate with SRX Series Devices

Service

Protocol

Port

In

Out

HTTPS

TCP

443

X

Table 3 lists the ports that Policy Enforcer uses to communicate with the Sky ATP server to download feeds.

Note

Connectivity between Sky ATP and Policy Enforcer is certificate-based. Once the trust is established, every request is within a context of valid token.

Table 3: Policy Enforcer Ports to Communicate with cloudfeeds.sky.junipersecurity.net

Service

Protocol

Port

In

Out

HTTPS

TCP

443

X

Table 4 lists the remaining Policy Enforcer services.

Table 4: Policy Enforcer Services

Service

Comments

DNS

Used for basic network connection.

NTP

Used to synchronize system clocks with the Network Time Protocol (NTP).

If you are using NSX with Policy Enforcer (or Security Director), the following ports must be opened on NSX.

Table 5: NSX Ports

Port

In

Out

Comments

443

X

Used for communication between NSX and Security Director.

7804

X

Used for outbound SSH based auto discovery of devices.

22

X

Used for host management and image upload over sftp.

The following ports must be opened from Policy Enforcer, Junos Space, and SRX Series devices for bidirectional traffic between nodes:

  • Security Director or Policy Enforcer to Internet—8080, 443

  • Policy Enforcer to SRX Series devices—8080, 443

  • Policy Enforcer to Security Director—443, 8080