Enterprise Recon 2.11.1
Network Requirements
This section covers the following topics:
Master Server Network Requirements
If you have any firewalls configured between the Master Server and
- any hosts that need to connect to the Web Console,
- all Agent hosts, or
- (optional) the Ground Labs update server,
make sure that the following connections are allowed:
TCP Port | Allowed Connections | To / From | Description |
---|---|---|---|
80 / 443 | Inbound | From: Hosts connecting to the Web Console. | To allow hosts on the network to access the Web Console.
If you have enabled HTTPS on the Master Server (see Enable HTTPS), you can safely disable port 80.
|
8843 | Outbound | To: Ground Labs update server. | (Optional) To allow the Master Server to receive updates from the Ground Labs update server.
Connecting to the Ground Labs update server requires the Master Server to have a working internet connection.
|
11117 | Inbound | From: Node or Proxy Agent hosts. | To allow Node and Proxy Agents to establish a connection to the Master Server. |
Node Agent Network Requirements
On Node Agent hosts, the following connections must be allowed:
TCP Port | Allowed Connections | To / From | Description |
---|---|---|---|
11117 | Outbound | To: Master Server. | A Node Agent establishes a connection to the Master Server on this port to send reports and receive instructions. |
Proxy Agent Network Requirements
Proxy Agents must be able to connect to:
- the Master Server on port 11117
- the Target host or service
Details can be found in these sections below:
Agentless Scans
Make sure that the Target and Proxy Agent host fulfill the following requirements:
Target Host | Proxy Agent | TCP Port 1 | Requirements |
---|---|---|---|
Windows host | Windows Proxy Agent |
For Targets running Windows Server 2008 and newer:
For Targets running Windows Server 2003 R2 and older:
WMI can be configured to use static ports instead of dynamic ports.
|
|
Linux or UNIX host | Windows, Linux or UNIX Proxy Agent |
|
|
macOS host | macOS Proxy Agent |
|
|
1 TCP Port allowed connections.
See Agentless Scan for more information.
Network Storage
Protocol/Target Type | Destination TCP Port (default) | Description |
---|---|---|
CIFS/SMB server | 445 *See description for additional ports. |
To scan Windows remote file shares via CIFS. Additional ports For Windows 2000 and older:
|
SSH server | 22 | To scan Unix or Unix-like remote file shares via SSH. |
NFS server | 2049 (TCP or UDP) *See description for additional ports. |
To scan NFS file shares. Additional ports NFSv4 requires only port 2049 (TCP only). NFSv3 and older must allow connections on the following ports:
rpcbind assigns dynamic ports to the following services required by NFSv3 and older:
To find out which ports these services are using on your NFS server, check with your system administrator. You can assign static ports to the required services, removing the need to allow connections for the entire dynamic port range. For more information, check with your system administrator.
|
Websites and Cloud Services
Destination TCP Port (default) | Protocol/Target Type | Description |
---|---|---|
80 | HTTP server | To scan websites. |
443 | HTTPS server | To scan HTTPS websites. |
443 | Cloud services | To scan cloud services. |
Emails
Destination TCP Port (default) | Protocol/Target Type | Description |
---|---|---|
143 | IMAP server | To scan email accounts using IMAP. |
993 | IMAPS server | To scan email accounts using IMAPS. |
1352 | HCL Notes client | To scan HCL Notes clients. |
Databases
Destination TCP Port (default) | Protocol/Target Type | Description |
---|---|---|
50000 | IBM DB2 server | To scan IBM DB2 databases. |
9088 | IBM Informix server | To scan IBM Informix databases. |
1927 | InterSystems Caché server | To scan InterSystems Caché namespaces. |
3306 | MySQL or MariaDB server | To scan MySQL or MariaDB databases. |
1433 | Microsoft SQL server | To scan Microsoft SQL databases. |
27017 | MongoDB server | To scan MongoDB databases. |
1521 | Oracle database server | To scan Oracle databases. |
5432 | PostgreSQL server | To scan PostgreSQL databases. |
30015 | SAP HANA | To scan SAP HANA databases. |
3638 | Sybase/SAP ASE | To scan Sybase/SAP ASE databases. |
1025 | Teradata database server | To scan Teradata databases. |
8629 | Tibero database server | To scan Tibero databases. |
Server Applications
Destination TCP Port (default) | Protocol/Target Type | Description |
---|---|---|
443 | Confluence On-Premises | To scan Confluence servers. |