Ports and Protocols. Clearswift SECURE Web Gateway v4.x. Version 2.2. October Clearswift Public

Similar documents
Ports and Protocols. Clearswift SECURE Web Gateway v4.x. Issue /04/2017. Clearswift Public

Clearswift SECURE Web Gateway V4.x

Ports and Protocols. Clearswift SECURE ICAP Gateway v4.9. Version 2.3. November Clearswift Public

Ports and Protocols. Clearswift SECURE ICAP Gateway v4.3. Version 01 14/03/2016. Clearswift Public

Ports and Protocols. Clearswift SECURE ICAP Gateway v4.8. Version 2.0. July Clearswift Public

Clearswift SECURE Exchange Gateway V4.9

Clearswift SECURE Exchange Gateway V4.8

Clearswift SECURE Gateway V4.9

Clearswift SECURE Gateway V4.x

Clearswift SECURE Gateway V4.x

CLEARSWIFT SECURE Gateway

Frequently Asked Questions (FAQ)

SEG vs Office 365 Security Features. Feature outline

Clearswift Gateway Installation & Getting Started Guide. Version 4.1 Document Revision 1.4

Clearswift & Sandbox Technology. Version 1.1

Clearswift SECURE Gateways

Clearswift SECURE Gateway Installation & Getting Started Guide. Version 4.3 Document Revision 1.0

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Installation & Getting Started Guide. Version Document Revision 1.0

Clearswift SECURE Exchange Gateway Installation & Setup Guide. Version 1.0

Installation & Getting Started Guide. Version Document Revision 1.0

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

SECURE Gateway with Microsoft Azure Installation Guide. Version Document Revision 1.0

Clearswift SECURE Exchange Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Installation & Getting Started Guide. Version Document Revision 1.0

SECURE Gateway v4.7. TLS configuration guide

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Clearswift SECURE ICAP Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Clearswift Hosting Options

Product Information Bulletin. Clearswift SECURE Gateway 4.7

Endpoint web control overview guide

Clearswift Managed Security Service for

Clearswift SECURE Exchange Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Connect the Appliance to a Cisco Cloud Web Security Proxy

Sophos Virtual Appliance. setup guide

Security in the Privileged Remote Access Appliance

Management Console User Guide

Integrate Cisco VPN Concentrator

Installation Guide. CompanyCRYPT v1.4.5

Installation Guide. CompanyCRYPT v1.4.5

Secure Web Gateway. SWG User Guide. Release Manual Version v

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Security, Internet Access, and Communication Ports

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Security, Internet Access, and Communication Ports

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

Security in Bomgar Remote Support

Security, Internet Access, and Communication Ports

Table of Contents 1 V3 & V4 Appliance Quick Start V4 Appliance Reference...3

The Privileged Remote Access Appliance in the Network

Security, Internet Access, and Communication Ports

The Bomgar Appliance in the Network

Clearswift SECURE Exchange Gateway Installation & Getting Started Guide. Version Document Revision 1.0

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

The Privileged Access Appliance in the Network

Clearswift SECURE Exchange Gateway Installation & Getting Started Guide. Version Document Revision 1.0

2 Hardening the appliance

HP ArcSight Port and Protocol Information

HySecure Quick Start Guide. HySecure 5.0

Stonesoft Management Center. Release Notes for Version 5.6.1

Load Balancing Censornet USS Gateway. Deployment Guide v Copyright Loadbalancer.org

Module 1: Understanding and Installing Internet Information Services

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

vcenter Server Appliance Configuration Modified on 17 APR 2018 VMware vsphere 6.7 VMware ESXi 6.7 vcenter Server 6.7

Google Search Appliance

Sophos Web Appliance Configuration Guide. Product Version Sophos Limited 2017

Seqrite TERMINATOR (UTM) Unified Threat Management Solution.

Sophos Web Appliance Configuration Guide. Product Version Sophos Limited 2017

Security Provider Integration Kerberos Authentication

Integrating Microsoft Forefront Threat Management Gateway (TMG)

Cisco TelePresence Video Communication Server Basic Configuration (Single VCS Control)

Echidna Concepts Guide

Course 10972B: Administering the Web Server (IIS) Role of Windows Server

BlackBerry UEM Configuration Guide

10972: ADMINISTERING THE WEB SERVER (IIS) ROLE OF WINDOWS SERVER

Configuration Guide. BlackBerry UEM. Version 12.9

vcloud Director User's Guide

CounterACT 7.0. Quick Installation Guide for a Single Virtual CounterACT Appliance

vcenter Server Appliance Configuration Update 1 Modified on 04 OCT 2017 VMware vsphere 6.5 VMware ESXi 6.5 vcenter Server 6.5

NGFW Security Management Center

NGFW Security Management Center

Tanium Appliance Installation Guide

NGFW Security Management Center

Sophos Mobile Control Installation prerequisites form

NGFW Security Management Center

Installing and Configuring vcloud Connector

Check Point 1100 Appliances Frequently Asked Questions

Microsoft Internet Security & Acceleration Server Overview

Clearswift SECURE Exchange Gateway Installation & Getting Started Guide. Version Document Revision 1.0

vcloud Director User's Guide 04 OCT 2018 vcloud Director 9.5

vcloud Director User's Guide

Installing and Configuring vcloud Connector

StoneGate SSL VPN. Release Notes for Version 1.4.1

NGFW Security Management Center

Installing and Configuring vcenter Support Assistant

NGFW Security Management Center

Transcription:

Clearswift SECURE Web Gateway v4.x Version 2.2 October 2018 Clearswift Public

Copyright Version 2.2, October 2018 Published by Clearswift Ltd. 1995 2018 Clearswift Ltd. All rights reserved. The materials contained herein are the sole property of Clearswift Ltd unless otherwise stated. The property of Clearswift may not be reproduced or disseminated or transmitted in any form or by any means electronic, mechanical, photocopying, recording, or otherwise stored in any retrievable system or otherwise used in any manner whatsoever, in part or in whole, without the express permission of Clearswift Ltd. formation in this document may contain references to fictional persons, companies, products and events for illustrative purposes. Any similarities to real persons, companies, products and events are coincidental and Clearswift shall not be liable for any loss suffered as a result of such similarities. The Clearswift Logo and Clearswift product names are trademarks of Clearswift Ltd. All other trademarks are the property of their respective owners. Clearswift Ltd. (registered number 3367495) is registered in Britain with registered offices at 1310 Waterside, Arlington Business Park, Theale, Reading, Berkshire RG7 4SA, England. Users should ensure that they comply with all national legislation regarding the export, import, and use of cryptography. Clearswift reserves the right to change any part of this document at any time. Clearswift Public Page 2 of 7

Contents 1 Connection Ports and Protocols... 4 1.1 External Connections... 4 1.2 ternal Connections... 5 1.3 HTTP/S Proxy support restrictions... 7 Clearswift Public Page 3 of 7

1 Connection Ports and Protocols The Clearswift SECURE Web Gateway requires connectivity to external services over a number of different ports and protocols. Clients should be aware that these entries may be liable to change with limited notice as Clearswift extends its infrastructure to exceed demands. Wherever possible, clients should configure their firewalls to utilize the hostname of the service and only use IP addresses if defining access by hostname is not possible. 1.1 External Connections The following table summarizes the required connections from the Gateway to or from servers outside the organization. Description Protocol Port Direction Hostname/URL Current IP Address FTP Over HTTP 20/21 DNS requests to ternet servers UDP 53 / kav-update-8-1.clearswift.net Kaspersky AV updates 80 kav-update-8-2.clearswift.net kav-update-8-3.clearswift.net kav-update-8-4.clearswift.net sav-update-1.clearswift.net Sophos AV updates 80 sav-update-2.clearswift.net sav-update-3.clearswift.net sav-update-4.clearswift.net OneCRL 443 One-crl.clearswift.net Kaspersky KSN lookup Clearswift Update Server 443 80 Whilst this is on 443, the traffic is not standard HTTP/S, do not try and route through an SSL proxy repo.clearswift.net rh.repo.clearswift.net 46.51.174.180 176.34.178.169 54.216.128.43 Clearswift Public Page 4 of 7

Description Protocol Port Direction Hostname/URL Current IP Address RSS Feed 80 www.clearswift.com 185.181.126.115 Appliance online help 80 apphelpweb.clearswift.com 79.125.18.99 Service Availability List 80 services1.clearswift.net services2.clearswift.net services3.clearswift.net See https://ipranges.amazonaws.com/ipranges.json URL Database Updates 80 url1.clearswift.net url2.clearswift.net url3.clearswift.net url4.clearswift.net NTP server UDP 123 / time.clearswift.net Forms part of the NTP Pool project (http://www.pool.ntp.org) Clearswift license key validation General HTTPS web access 443 applianceupdate.clearswift.com 443 86.188.240.24 213.106.99.208 46.236.38.70 GRE (47) WCCPv2 8444 9102 PBR 8444 9102 1.2 ternal Connections The following table summarizes the required connections from the Gateway to or from servers inside the organization. Description Protocol Port Direction Comment FTP/S Backup/Restore 20/21 SSH access to the Gateway Console 22 Disabled by default SFTP Lexical data import 22 To the server containing the lexical data SFTP Backup & Restore 22 To the backup server SFTP Transaction Log Export 22 To the log repository server Clearswift Public Page 5 of 7

Description Protocol Port Direction Comment bound SMTP for alerts 25 DNS requests to internal servers UDP 53 User Authentication using Kerberos UDP 88 88 NTP to internal server UDP 123 /in By default it is configured to connect to Clearswift NTP server 135 User Authentication using NTLM UDP 137 139 To directory servers 445 SNMP monitoring UDP 161 From SNMP management servers SNMP alerts UDP 162 LDAP Directory access 389 The port is configurable Secure LDAP Directory access 636 The port is configurable HTTPS access to the Gateway s Web terface 443 HTTPS Lexical data import 443 To the server containing the lexical data SYSLOG export 514 To the central SYSLOG server FTPS Lexical data import 990/21 To the server containing the lexical data FTPS Backup & Restore 990/21 To the backup server FTPS Transaction Log Export 990/21 To the log repository server SCOM Monitoring 1270 From the SCOM server LDAP connection to an active directory global catalogue 3268 3269 Clearswift Public Page 6 of 7

Description Protocol Port Direction Comment Master/Slave HTTPS configuration 8071 8070 8090 (Master) (Slave) (Slave) Communications are always between Master and Slaves. So for Master means from Slaves to Master Distribution of information to peer appliances UDP 9000 / This port is configurable through the Web UI 1.3 HTTP/S Proxy support restrictions Customers using HTTP/S proxies will suffer from 2 issues 1. If customers are using Kaspersky AV with Cloud Lookup enabled will not be able to decrypt the 443 connection due to it being a proprietary protocol 2. Customers performing license validation can either bypass content inspection on the proxy or deploy a client certificate to enable the SSL content to be processed and validate the license key correctly. 1.4 Change History Date Vers Description Oct- 2018 2.2 Add additional IPs for new AV mirrors (old addresses will be retired) Add OneCRL entries for certificate revocation feature in 4.9 release URL database downloads from new servers. Change Clearswift website. The following addresses used for AV updates will be retired on 22/11/18 184.72.245.1, 79.125.8.252, 175.41.136.7, 174.129.26.118, 176.34.251.142 and 54.254.98.96 The URL database servers on 79.125.3.206, 184.72.241.7, 174.129.200.98 and 46.137.169.34 will be retired on 22/11/18 Clearswift Public Page 7 of 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback