Carbon Black Cloud: What Ports must be opened on the Firewall and Proxy Servers?

Carbon Black Cloud: What Ports must be opened on the Firewall and Proxy Servers?

Environment

  • Carbon Black Cloud (Formerly PSC) Console: All Versions
  • Endpoint Standard (Formerly CB Defense) Sensor: All Versions
  • Microsoft Windows: All Supported Versions
  • Apple MAC OS: All Versions

Question

What ports must be opened on the Firewall or Proxy servers to allow the sensor to communicate with the various Carbon Black Cloud services?

Answer

This information can be found in our Configuration Guide.

Additional Notes

  • If "Submit unknown binaries for analysis" is enabled, all traffic goes through CB Defense Device Services before it is routed to the Carbon Black Cloud. The Carbon Black Cloud only uses third-party vendor, Avira Operations GmbH & Co. KG (“Avira”), as a subprocessor to assist with the threat analysis. The sensor will never directly communicate with Avira, so there are no additional network changes required.
  • To determine whether the agent is "onsite" or "offsite" the sensor sends a ICMP echo to see if the each DNS suffix address is reachable. In this case you may observe outbound connections to your Domain Controllers from the Sensor Service (RepMgr).

Related Content


Was this article helpful? Yes No
65% helpful (9/14)
Article Information
Author:
Creation Date:
‎07-15-2016
Views:
50105