Cisco 7010 Installation Manual page 23

Firepower 7000 series; firepower 8000 series

Chapter 1
Introduction to the Firepower System
Security, Internet Access, and Communication Ports

Note that the system allows you to change some of its communication ports:

- You can specify custom ports for LDAP and RADIUS authentication when you configure a connection between the system and the authentication server; see the Firepower Management Center Configuration Guide.
- You can change the management port (8305/tcp); see the Firepower Management Center Configuration Guide. However, Cisco strongly recommends that you keep the default setting. If you change the management port, you must change it for all appliances in your deployment that need to communicate with each other.
- You can use port 32137/tcp to allow upgraded Firepower Management Centers to communicate with the Collective Security Intelligence Cloud. However, Cisco recommends you switch to port 443, which is the default for fresh installations of Version 6.0 and later. For more information, see the Firepower Management Center Configuration Guide.

The following table lists the open ports required by each appliance type so that you can take full advantage of Firepower System features.

Table 1-7 Default Communication Ports for Firepower System Features and Operations

| Port | Description | Direction | Is Open on... | To... |
|---|---|---|---|---|
| 22/tcp | SSH/SSL | Bidirectional | Any | allow a secure remote connection to the appliance. |
| 25/tcp | SMTP | Outbound | Any | send email notices and alerts from the appliance. |
| 53/tcp | DNS | Outbound | Any | use DNS. |
| 67/udp, 68/udp | DHCP | Outbound | Any | use DHCP. Note: These ports are closed by default. |
| 80/tcp | HTTP | Outbound | Any except virtual devices and ASA FirePOWER | allow the RSS Feed dashboard widget to connect to a remote web server. |
| 80/tcp | HTTP | Bidirectional | Management Center | update custom and third-party Security Intelligence feeds via HTTP; download URL category and reputation data (port 443 also required). |
| 161/udp | SNMP | Bidirectional | Any except virtual devices and ASA FirePOWER | allow access to an appliance's MIBs via SNMP polling. |
| 162/udp | SNMP | Outbound | Any | send SNMP alerts to a remote trap server. |
| 389/tcp, 636/tcp | LDAP | Outbound | Any except virtual devices | communicate with an LDAP server for external authentication. |
| 389/tcp, 636/tcp | LDAP | Outbound | Management Center | obtain metadata for detected LDAP users. |
| 443/tcp | HTTPS | Inbound | Any except virtual devices and ASA FirePOWER | access an appliance's web interface. |

Firepower 7000 and 8000 Series Installation Guide
1-15
