Internet Resources Accessed by Managed Devices
Managed devices access the following outside resources. For deployments behind a network barrier—like an edge firewall—make sure you allow traffic on the required ports to the listed resources. In addition to managed devices accessing the internet, your browser may contact Amplitude (amplitude.com) web analytics servers to provide non-personally-identifiable usage data to Cisco.
| Feature | Reason | HA/Clustering | Port | Resource |
|---|---|---|---|---|
| Required for initial setup and general operations | | | | |
| DNS | DNS | All units communicate with the DNS server. | 53/tcp, 53/udp | |
| NTP | Synchronize time. Not supported with a proxy server. | All units communicate with the NTP server. | 123/udp | |
| Required for general operations | | | | |
| CA certificate bundles | The local CA bundle contains certificates to access several Cisco services. Queries for new CA certificates at a daily system-defined time. | Each unit downloads its own certificates. | 443/tcp | cisco.com/security/pki |
| Cisco Support Diagnostics | Accepts authorized requests and transmits usage information and statistics. | All units communicate. | 443/tcp | api-sse.cisco.com:8989 |
| Required for specific configurations or features | | | | |
| Malware Defense | Submit files for dynamic analysis. | All units submit files. | 443/tcp | fmc.api.threatgrid.com, fmc.api.threatgrid.eu |
| Upgrades | Download upgrades directly to managed devices. Tests the connection once a week. | Upgrade packages do not sync. Each unit must get its own. | 443/tcp | cdo-ftd-images.s3-us-west-2.amazonaws.com |