ePolicy Orchestrator port requirements for firewall traffic

Environment

ePolicy Orchestrator (ePO) 5.x
Trellix Agent (TA) 5.x

NOTE: McAfee Agent (MA) was rebranded to TA in version 5.7.7.

Summary

Recent updates to this article

Date	Update
August 4, 2023	Updated information in the description column for License Server port.
June 1, 2023	Updated information related to the lc.mcafee.com and lc.trellix.com URLs.
March 8, 2023	Updated rebranding changes.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

The following tables display the ports that ePO needs to communicate through a firewall.

For this article:

Bidirectional - A connection is initiated from either direction.
Inbound - Connection initiated by a remote system.
Outbound - Connection initiated by the local system.

Port	Default	Description	Traffic direction
Agent-server communication port	80	TCP port that the ePO server service uses to receive requests from agents.	Inbound connection to the Agent Handler and the ePO server from TA. Inbound connection to the ePO server from the Remote Agent Handler.
File sharing and server message block (SMB)	135	Port 135 needs to be open to deploy TA from the System Tree. The following ports are associated with file sharing and server message block (SMB) communications: Microsoft file sharing SMB: User Datagram Protocol (UDP) Ports from 135 through 139. Transmission Control Protocol (TCP) ports from 135 through 139. Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UPD). For more details, see this Microsoft Article.	Outbound
Agent-server communication secure port	443	TCP port that the ePO server service uses to receive requests from agents and Remote Agent Handlers.	Inbound connection to the Agent Handler and the ePO server from TA. Inbound connection to the ePO server from the Remote Agent Handler.
Software Manager and Product Compatibility List port		TCP port that the ePO server uses to connect to our Software Download Server (s-download.trellix.com) and Product Compatibility List (epo.trellix.com). NOTE: These URLs are changed on October 24, 2022. For more information, see KB95905 - ePolicy Orchestrator and Trellix Agent URL changes.	Outbound connection from the ePO server to our servers.
License Server port		TCP port that the ePO server uses to connect to our License Server. The URL for this server is currently lc.mcafee.com. After an upgrade to ePO 5.10 Service Pack 1 Update 2 when it releases, the ePO server uses the lc.trellix.com URL. NOTE: The lc.mcafee.com URL will not work from September 30, 2024. For more information, see KB95905 - ePolicy Orchestrator and Trellix Agent URL changes.	Outbound connection from the ePO server to our servers.
Agent wake-up communication port SuperAgent repository port	8081	TCP port that agents use to receive agent wake-up requests from the ePO server or Agent Handler. TCP port that the SuperAgents configured as repositories that are used to receive content from the ePO server during repository replication, and to serve content to client systems.	Inbound connection from the ePO server or Agent Handler to TA. Inbound connection from client systems to SuperAgents configured as repositories.
Agent broadcast communication port	8082	UDP port that the SuperAgents use to forward messages from the ePO server or Agent Handler.	Outbound connection from the SuperAgents to the other TA.
Console-to-application server communication port	8443	TCP port that the ePO Application Server service uses to allow web browser UI access.	Inbound connection to the ePO server from the ePO console.
Client-to-server authenticated communication port	8444	TCP Port that the Agent Handler uses to communicate with the ePO server to obtain information (such as LDAP servers).	Outbound connection from Remote Agent Handlers to the ePO server.
SQL Server TCP port	1433	TCP port used to communicate with the SQL Server. This port is specified or determined automatically during the setup process.	Outbound connection from the ePO server or Agent Handler to the SQL Server.
SQL Server UDP port	1434	UDP port used to request the TCP port that the SQL instance hosting the ePO database is using.	Outbound connection from the ePO server or Agent Handler to the SQL Server.
LDAP server port	389	TCP port used to retrieve LDAP information from Active Directory servers.	Outbound connection from the ePO server or Agent Handler to an LDAP server.
SSL LDAP server port	636	TCP port used to retrieve LDAP information from Active Directory servers.	Outbound connection from the ePO server or Agent Handler to an LDAP server.
LDAP with Global Catalog	3268	TCP port used to retrieve LDAP information from Active Directory servers when using Global Catalog.	Outbound connection from the ePO server or Agent Handler to an LDAP server.
SSL LDAP with Global Catalog	3269	TCP port used to retrieve LDAP information from Active Directory servers when using Global Catalog and SSL.	Outbound connection from the ePO server, or Agent Handler to an LDAP server.
SMB Windows domain controller port	445	TCP port used for ePO console logon when authenticating Active Directory users.	Outbound connection from the ePO server to the domain controller (Active Directory) server.
Syslog server port (optional)	6514	Default port for Syslog using TLS: only needed if syslog forwarding is configured.	Outbound from the ePO server or Agent Handlers to the registered syslog server.

NOTES:

An Agent Handler does not need a connection to an LDAP server, if Database Mirroring is enabled. (Server settings, User Policies).
If enabled on the ePO Application service, it requires access to the LDAP server. For more information about Database Mirroring, see the ePO Product Guide.

ePO (Ports/Traffic Quick Reference)

ePO server

Default Port	Protocol	Traffic direction
80	TCP	Inbound connection to the ePO server
389	TCP	Outbound connection from the ePO server
443	TCP	Inbound/outbound connection to/from the ePO server
445	SMB	Outbound connection from the ePO server
636	TCP	Outbound connection from the ePO server
1433	TCP	Outbound connection from the ePO server
1434	UDP	Outbound connection from the ePO server
8081	TCP	Outbound connection from the ePO server
8443	TCP	Inbound connection to the ePO server
8444	TCP	Inbound connection to the ePO server

Remote Agent Handlers (one or more)

Default Port	Protocol	Traffic direction
80	TCP	Inbound/outbound connection to or from the Agent Handler¹
389	TCP	Outbound connection from the Agent Handler
443	TCP	Inbound/outbound connection to or from the Agent Handler
636	TCP	Outbound connection from the Agent Handler
1433	TCP	Outbound connection from the Agent Handler
1434	UDP	Outbound connection from the Agent Handler
8081	TCP	Outbound connection from the Agent Handler
8443	TCP	Outbound connection from the Agent Handler
8444	TCP	Outbound connection from the Agent Handler

¹ If the ASCI secure port is disabled from the ePO Server settings page, it uses the ASCI port as default. The default ASCI and ASCI Secure port details are as follows:

ASCI port is 80
ASCI secure port is 443

Trellix Agent

Default Port	Protocol	Traffic direction
80	TCP	Outbound connection to the ePO server or Agent Handler (4.x only)¹
443	TCP	Outbound connection to the ePO server or Agent Handler (4.x and 5.x)
8081	TCP	Inbound connection from the ePO server and Agent Handler. If the agent is a SuperAgent Repository, inbound connection from the other TA.
8082	UDP	Inbound connection to agents. Inbound and outbound connection from and to SuperAgents.
8083	UDP	RelayServer discovery for version 4.8.

¹ Port 80 is used by Agent 4.x to connect to ePO/AH as a repository for Agent tasks.

SQL Server

Default Port	Protocol	Traffic direction
1433	TCP	Inbound connection from the ePO server or Agent Handler
1434	UDP	Inbound connection from the ePO server or Agent Handler

Updates

Default Port	Protocol	Traffic direction
21	TCP	Effective May 31, 2019, the service provider that we use to host our FTP service will no longer provide FTP capabilities.
80	TCP	Outbound from the ePO server to http://update.nai.com/products.
443	TCP	Outbound from the ePO server to the following URLs: epo.trellix.com s-download.trellix.com lc.trellix.com NOTE: These URLs are changed on October 24, 2022. For more information, see KB95905 - ePolicy Orchestrator and Trellix Agent URL changes.

Agent deployment on Linux uses port 22 (bidirectional). Agent deployment on Windows client uses port 445.

Knowledge Center

ePolicy Orchestrator port requirements for firewall traffic

Environment

Summary

Related Information

Affected Products

Languages:

Title

Title

Knowledge Center

ePolicy Orchestrator port requirements for firewall traffic

Environment

Summary

Related Information

Affected Products

Languages:

Choose your region

Title

Title