AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
APPENDIX D: Firewall Information
The following table lists the possible ports that may need to be opened for proper operation of the Cisco
appliance (these are the default values).
Table D-1 Firewall Ports

| Port | Protocol | In/Out | Hostname | Description |
|---|---|---|---|---|
| 20/21 | TCP | In or Out | AsyncOS IPs, FTP Server | FTP for aggregation of log files. Data ports TCP 1024 and higher must also all be open. For more information, search for FTP port information in the Knowledge Base. See Knowledge Base, page 1-3. |
| 22 | TCP | In | AsyncOS IPs | SSH access to the CLI, aggregation of log files. |
| 22 | TCP | Out | SSH Server | SSH aggregation of log files. |
| 22 | TCP | Out | SCP Server | SCP Push to log server |
| 25 | TCP | Out | Any | SMTP to send email. |
| 25 | TCP | In | AsyncOS IPs | SMTP to receive bounced email or if injecting email from outside firewall. |
| 53 | UDP/TCP | In & Out | DNS Servers | DNS if configured to use Internet root servers or other DNS servers outside the firewall. Also for SenderBase queries. |
| 80 | HTTP | In | AsyncOS IPs | HTTP access to the GUI for system monitoring. |
| 80 | HTTP | Out | downloads.ironport.com | Service updates, except for AsyncOS upgrades and McAfee definitions. |
| 80 | HTTP | Out | updates.ironport.com | AsyncOS upgrades and McAfee Anti-Virus definitions. |
| 80 | HTTP | Out | cdn-microupdates.cloudmark.com | Used for updates to third-party spam component in Intelligent MultiScan. Appliance must also connect to CIDR range 208.83.136.0/22 for third-party phone home updates. |
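An added example (not from the Cisco guide): a Python check of observed outbound flows against the outbound rows of Table D-1 shown on this page, so that egress the table does not account for stands out. The role names, site host addresses and sample flows are constructed, and checking the 208.83.136.0/22 range on port 80 is an assumption based on the row it appears in.

```python
import ipaddress

# Outbound rows of Table D-1 shown on this page ("HTTP" rows run over TCP).
UPDATE_HOSTS = {
    "downloads.ironport.com": "service updates",
    "updates.ironport.com": "AsyncOS upgrades and McAfee definitions",
    "cdn-microupdates.cloudmark.com": "Intelligent MultiScan updates",
}
# Range from the last row; checking it on port 80 is an assumption.
CLOUDMARK_NET = ipaddress.ip_network("208.83.136.0/22")
# Rows whose destination is a site-specific server (role names are ours).
ROLE_ROWS = {(20, "tcp"): "ftp", (21, "tcp"): "ftp", (22, "tcp"): "ssh",
             (53, "udp"): "dns", (53, "tcp"): "dns"}

def match_outbound(dest, port, proto, site_hosts):
    """Return the table purpose an outbound flow matches, or None."""
    proto = proto.lower()
    if (port, proto) == (25, "tcp"):
        return "SMTP to send email"  # Hostname column is "Any"
    role = ROLE_ROWS.get((port, proto))
    if role:
        return role if dest in site_hosts.get(role, ()) else None
    # FTP row: data ports TCP 1024 and higher, only toward the FTP server.
    if proto == "tcp" and port >= 1024:
        return "ftp-data" if dest in site_hosts.get("ftp", ()) else None
    if (port, proto) == (80, "tcp"):
        if dest in UPDATE_HOSTS:
            return UPDATE_HOSTS[dest]
        try:
            if ipaddress.ip_address(dest) in CLOUDMARK_NET:
                return "third-party phone home updates"
        except ValueError:
            pass  # dest is a hostname, not an IP literal
    return None

def unexpected_flows(flows, site_hosts):
    """Flows that no outbound row above accounts for."""
    return [f for f in flows if match_outbound(*f, site_hosts) is None]

# Constructed sample data (documentation address ranges, not real hosts).
SITE_HOSTS = {"ftp": {"192.0.2.10"}, "ssh": {"192.0.2.11"}, "dns": {"192.0.2.53"}}
SAMPLE_FLOWS = [
    ("updates.ironport.com", 80, "tcp"),
    ("208.83.139.255", 80, "tcp"),   # last address inside the /22
    ("208.83.140.1", 80, "tcp"),     # just outside the /22
    ("192.0.2.10", 50000, "tcp"),    # FTP data port to the FTP server
    ("198.51.100.7", 22, "tcp"),     # SSH to a host that is not the log server
]
print("not covered by Table D-1:", unexpected_flows(SAMPLE_FLOWS, SITE_HOSTS))
```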