Internet Access Requirements for the Passive Identity Agent
By default, the passive identity agent is configured to communicate with the Firepower System over the internet using HTTPS on port 443/tcp. If you do not want the passive identity agent to have direct access to the internet, you can configure a proxy server.
If your Cloud-delivered Firewall Management Center cannot communicate with the machine on which the passive identity agent is installed, you must use a proxy with the HTTPS protocol enabled.
The way you do this is up to you; for example, you might have a commercial proxy and use a Windows system proxy with HTTPS enabled to communicate with it.
The following table lists the ports that passive identity agents use to communicate with each other, with the Security Cloud Control, and with Microsoft Active Directory.
Port | Reason |
---|---|
443 | Communicate with the Security Cloud Control. |
135 | Communicate with Microsoft Active Directory using the MSRPC protocol. |
9095 | Communicate with each other using the UDP protocol. |