Port Requirements for Shavlik Protect

Version 28

    Purpose

     

    This article provides information about the port requirements for Shavlik Protect.

     

    Symptoms

     

    Features of Protect and Protect Agents may not work if these ports are blocked.

     

    Description/Resolution

     

    You will need to ensure the following ports are open/allowed for the corresponding features of Protect to work.

    Inbound Ports

     

    MachineInbound PortExplanation
    Agentless System

    TCP 135

    WMI Scanning – Only needed if using Asset Scanning
    Agentless System

    TCP 137-139 or TCP 445

    (Windows file sharing/directory services) required for agentless scan and Deployment to work
    Agentless System

    TCP 5120

    Allows Scheduler to receive commands from console machine
    Agentless System

    UDP 9

    Only used if using Wake on Lan
    Agentless SystemTCP 5985Allows you to use IT Scripts feature
    Agent SystemTCP 4155Allows Agent to allow commands from console
    Protect ConsoleTCP 3121

    Required for Deployment Tracker status updates for patch deployment and agent communication back to console

    Distribution Server:
    HTTP configuration
    TCP 80

    Needed for Distribution Servers to Sync patches with Console only if using HTTP

    Distribution Server:
    HTTPS configuration
    TCP 443

    Needed for Distribution Servers to Sync patches with Console only if using HTTPS

    Distribution Server:
    UNC configuration
    TCP 137-139 or TCP 445(Windows file sharing/directory services) Needed for Distribution Servers to Sync patches with Console only if using UNC

     

    Outbound Ports

     

    MachineOutbound PortExplanation
    Agent SystemTCP 80(Only for Distribution Servers that utilize HTTP) Allows agent and console communion with Distribution Server using HTTP
    Agent SystemTCP 443Only used for cloud agents
    Agent SystemTCP 3121

    Agent communication back to console

    Agentless SystemTCP 137-139 or TCP 445(Windows file sharing directory services) required for agentless scan to work
    Agentless SystemTCP 3121Required for Deployment Tracker status updates back to console
    Agentless System
    TCP 135
    WMI Scanning – Only needed if using Asset Scanning
    Protect ConsoleTCP 80Patch and Data downloads
    Protect ConsoleTCP 137-139 or TCP 445(Windows file sharing directory services)
    Protect Console443Only used for cloud sync for agents
    Protect ConsoleTCP 5120(From console to agentless target) Allows console to send commands to target machine Scheduler
    Protect ConsoleUDP 9Only used if using Wake on Lan and Error Reporting

     


    Additional Information

     

    There is a port requirements table within Protect under Help > Contents > System Requirements.

    In some locked down environments, you will also need to specifically allow traffic over the default dynamic port range which is: 49152 - 65535.

     

    How to use Telnet to test the connection over specific ports

    How to configure Windows Firewall port exceptions

    Explanations of port requirements

    Configurable Ports

     

    Affected Product(s)


    All Versions