Communication Ports
For deployments behind a network barrier—for example, an edge firewall—make sure you allow traffic on the required ports. Note that ports not required for essential or default operations remain closed until needed by a configuration or feature.
Ports for Management Center
Communicate with the management center using these ports.

Inbound Port | Protocol/Feature | Details |
---|---|---|
443/tcp | HTTPS | Access the management center web interface. |
443/tcp | HTTPS | Communicate with integrated and third-party products using the REST API. |
8305/tcp | Appliance communications | Securely communicate with managed devices. |

Ports for Managed Devices
Managed devices use these ports to communicate.

Inbound Port | Protocol/Feature | Details |
---|---|---|
22/tcp | SSH | Secure remote connections to the appliance. |
161/udp | SNMP | Allow access to MIBs via SNMP polling. |
443/tcp | HTTPS | Communicate with integrated and third-party products using the REST API. |
443/tcp | Remote access VPN (SSL/IPSec) | Allow secure VPN connections to your network from remote users. |
500/udp, 4500/udp | Remote access VPN (IKEv2) | Allow secure VPN connections to your network from remote users. |
885/tcp | Captive portal | Communicate with a captive portal identity source. |
8305/tcp | Appliance communications | Securely communicate with the management center. Also initiates connections on this port. |
8989/tcp | Cisco Support Diagnostics | Accepts authorized requests. Also initiates connections on this port. |

Outbound Port | Protocol/Feature | Details |
---|---|---|
53/tcp, 53/udp | DNS | DNS |
67/udp, 68/udp | DHCP | DHCP |
123/udp | NTP | Synchronize time. |
162/udp | SNMP | Send SNMP alerts to a remote trap server. |
1812/udp, 1813/udp | RADIUS | Communicate with a RADIUS server for external authentication and accounting. Configurable. |
389/tcp, 636/tcp | LDAP | Communicate with an LDAP server for external authentication. Configurable. |
443/tcp | HTTPS | Send and receive data from the internet; see Resources accessed over HTTP or HTTPS. |
514/udp | Syslog (audit logging) | Send audit logs to a remote syslog server, when TLS is not configured. |
8305/tcp | Appliance communications | Securely communicate with the management center. Also accepts connections on this port. |
8514/udp | Secure Network Analytics Manager | Send syslog messages to Secure Network Analytics using Security Analytics and Logging (On Premises). |
8989/tcp | Cisco Support Diagnostics | Transmits usage information and statistics. Also accepts connections on this port. |
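
Because ports stay closed until a feature needs them, the managed-device inbound table doubles as an allowlist for auditing. The following is an added example, not part of the original documentation or any vendor tool: it compares listening sockets against that table. The function names, the sample output, and the assumption that listener data is available in `ss -H -tuln` column layout are all hypothetical.

```python
# Inbound ports for managed devices, copied from the table on this page.
DOCUMENTED_INBOUND = {
    (22, "tcp"): "SSH",
    (161, "udp"): "SNMP",
    (443, "tcp"): "HTTPS / remote access VPN (SSL/IPSec)",
    (500, "udp"): "Remote access VPN (IKEv2)",
    (4500, "udp"): "Remote access VPN (IKEv2)",
    (885, "tcp"): "Captive portal",
    (8305, "tcp"): "Appliance communications",
    (8989, "tcp"): "Cisco Support Diagnostics",
}

# Constructed sample in the layout of `ss -H -tuln` (not from a real device).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      511             [::]:443           [::]:*
tcp   LISTEN 0      128          0.0.0.0:8305       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:23         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:161        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:69         0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (port, proto, address) for each listener reachable off-box."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        loopback = addr.startswith("127.") or addr in ("[::1]", "::1")
        if port.isdigit() and not loopback:
            yield int(port), fields[0], addr

def audit(ss_output, documented=DOCUMENTED_INBOUND):
    """Return (unexpected listeners, documented ports with no listener)."""
    seen = {(port, proto) for port, proto, _ in parse_listeners(ss_output)}
    allowed = set(documented)
    return sorted(seen - allowed), sorted(allowed - seen)

if __name__ == "__main__":
    unexpected, closed = audit(SAMPLE_SS)
    for port, proto in unexpected:
        print(f"UNEXPECTED {port}/{proto}: not in the documented inbound list")
    for port, proto in closed:
        name = DOCUMENTED_INBOUND[(port, proto)]
        print(f"closed {port}/{proto} ({name}): feature not in use")
```

A documented port with no listener is expected when the matching feature is not configured; only the unexpected listeners need follow-up.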