Enterprise Recon 2.2

Network Requirements

This section covers the following topics:

  1. Master Server Network Requirements
  2. Node Agent Network Requirements
  3. Proxy Agent Network Requirements

Master Server Network Requirements

If you have any firewalls configured between the Master Server and

  • any hosts that need to connect to the Web Console,
  • all Agent hosts, or
  • (optional) the Ground Labs update server,

make sure that the following connections are allowed:

TCP Port Allowed Connections To / From Description
80 / 443 Inbound From: Hosts connecting to the Web Console. To allow hosts on the network to access the Web Console.
8843 Outbound To: Ground Labs update server. (Optional) To allow the Master Server to receive updates from the Ground Labs update server.
11117 Inbound From: Node or Proxy Agent hosts. To allow Node and Proxy Agents to establish a connection to the Master Server.

Node Agent Network Requirements

On Node Agent hosts, the following connections must be allowed:

TCP Port Allowed Connections To / From Description
11117 Outbound To: Master Server. A Node Agent establishes a connection to the Master Server on this port to send reports and receive instructions.

Proxy Agent Network Requirements

Proxy Agents must be able to connect to:

  • the Master Server on port 11117
  • the Target host or service

Details can be found in these sections below:

Agentless Scans

Make sure that the Target and Proxy Agent host fulfill the following requirements:

Target Host Proxy Agent TCP Port 1 Requirements
Windows host Windows Proxy Agent

  • Port 135, 139 and 445.

For Targets running Windows Server 2008 and newer:

  • Dynamic ports 9152 - 65535

For Targets running Windows Server 2003 R2 and older:

  • Dynamic ports 1024 - 65535

WMI can be configured to use static ports instead of dynamic ports.
  • Bi-directional SCP must be allowed between the Target and Proxy Agent host.
  • The Target host security policy must be configured to allow the scanning engine to be executed locally.
  • The Target credential must have the required permissions to read, write and execute on the Target host.
Unix or Unix-like host Windows or Unix Proxy Agent
  • Port 22.
  • Target host must have a SSH server installed and running.
  • Proxy Agent host must have an SSH client installed.
  • Bi-directional SCP must be allowed between the Target and Proxy Agent host.
  • The Target host security policy must be configured to allow the scanning engine to be executed locally.
  • The Target credential must have the required permissions to read, write and execute on the Target host.

1 TCP Port allowed connections.

See Agentless Scan for more information.

Network Storage

Protocol/Target Type Destination TCP Port (default) Description
CIFS/SMB server

445

*See description for additional ports.

To scan Windows remote file shares via CIFS.

Additional ports

For Windows 2000 and older:

  • 137 (UDP)
  • 138 (UDP)
  • 139 (TCP)

SSH server 22 To scan Unix or Unix-like remote file shares via SSH.
NFS server

2049 (TCP or UDP)

*See description for additional ports.

To scan NFS file shares.

Additional ports

NFSv4 requires only port 2049 (TCP only).

NFSv3 and older must allow connections on the following ports:

  • 111 (TCP or UDP)
  • Dynamic ports assigned by rpcbind.

rpcbind assigns dynamic ports to the following services required by NFSv3 and older:

  • rpc.rquotad
  • rpc.lockd (TCP and UDP)
  • rpc.mountd
  • rpc.statd

To find out which ports these services are using on your NFS server, check with your system administrator.

Websites and Cloud Services

Destination TCP Port (default) Protocol/Target Type Description
80 HTTP server To scan websites.
443 HTTPS server To scan HTTPS websites.
443 Cloud services To scan cloud services.

Emails

Destination TCP Port (default) Protocol/Target Type Description
143 IMAP server To scan email accounts using IMAP.
993 IMAPS server To scan email accounts using IMAPS.
443 Microsoft Exchange Server (EWS) To scan Microsoft Exchange servers via EWS.
1352 HCL Notes client To scan HCL Notes clients.

Databases

Destination TCP Port (default) Protocol/Target Type Description
50000 IBM DB2 server To scan IBM DB2 databases.
9088 IBM Informix server To scan IBM Informix databases.
1927 InterSystems Caché server To scan InterSystems Caché namespaces.
3306 MySQL or MariaDB server To scan MySQL or MariaDB databases.
1433 Microsoft SQL server To scan Microsoft SQL databases.
27017 MongoDB server To scan MongoDB databases.
1521 Oracle database server To scan Oracle databases.
5432 PostgreSQL server To scan PostgreSQL databases.
30015 NEW SAP HANA To scan SAP HANA databases.
3638 Sybase/SAP ASE To scan Sybase/SAP ASE databases.
1025 Teradata database server To scan Teradata databases.
8629 Tibero database server To scan Tibero databases.