Default Port |
Protocol |
Traffic Direction |
Description and Comments |
21 |
TCP (FTP) |
Inbound connection from client to TIS |
Access the FTP servers on TIS. |
22 |
TCP (SFTP) |
Inbound connection from administrator client |
Upload of TIS software updates and images. |
80 |
TCP |
Outbound connection to ePO/Agent Handler |
See the Trellix Agent table in KB66797 - ePolicy Orchestrator port requirements for firewall traffic. |
443 |
TCP |
Outbound connection to ePO/Agent Handler |
80 |
TCP (HTTP) |
Outbound connection to URL update service (list.smartfilter.com) |
URL updates. |
443 |
TCP (HTTPS) |
Inbound connection from user console/REST API |
Communication between the Manager and TIS through the RESTful APIs. |
443 |
TCP (HTTPS) |
Inbound connection from TIE servers |
File upload from TIE server to TIS appliance. |
443 |
TCP (HTTPS) |
Outbound connection to McAfee GTI service (tunnel.message.trustedsource.org) |
- Outbound connectivity from TIS management interface for GTI reputation lookups.
- The connection can be proxied.
|
443 |
TCP (HTTPS) |
Updates for McAfee Gateway Anti-Malware Engine and McAfee Anti-Malware Engine:
wpm.webwasher.com, wpm1‑2.webwasher.com
wpm1‑3.webwasher.com, wpm1‑4.webwasher.com
wpm‑usa.webwasher.com, wpm‑usa1.webwasher.com
wpm‑usa2.webwasher.com, wpm‑asia.webwasher.com
tau.mcafee.com, tau1‑2.mcafee.com
tau1‑3.mcafee.com, tau1‑4.mcafee.com
tau‑usa.mcafee.com, tau‑usa1.mcafee.com
tau‑usa2.mcafee.com, tau‑manual.mcafee.com
tau‑ldv1.securelabs.webwasher.com
tau‑ldv2.securelabs.webwasher.com
tau‑ldv3.securelabs.webwasher.com
tau‑europe.mcafee.com
tau‑dnv1.securelabs.webwasher.com
tau‑dnv2.securelabs.webwasher.com
tau‑dnv3.securelabs.webwasher.com
tau‑asia.mcafee.com
rpns.mcafee.com, mwg‑update.mcafee.com
manual.tau.mcafee-cloud.com |
The connection can be proxied. |
443 |
TCP (HTTPS) |
atdupdate.mcafee.com
europe.tau.mcafee-cloud.com
asia.tau.mcafee-cloud.com
usa.tau.mcafee-cloud.com |
- Updates for the TIS software.
- The update includes new detection and application package.
|
2222 |
TCP (SSH) |
Inbound connection from console |
Console CLI access. |
6080 |
TCP (HTTPS) |
Inbound connection from console |
For VM activation process and X-mode. |
8081 |
TCP |
Inbound connection from ePO/Agent Handler |
See the TA table in KB66797 - ePolicy Orchestrator port requirements for firewall traffic. |
8883 |
TCP |
Outbound connection to DXL brokers |
DXL client connectivity. |
8443 |
TCP |
Outbound connection to ePO Application Server |
Determine host operating system for sandbox analysis. |
8505 |
TCP |
Bidirectional |
Communication channel between a Sensor and TIS. |
ANY |
TCP |
Outbound connection to malware source (from dedicated malware interface) |
- When deploying TIS, provide a separate, segmented network where malware being analyzed attempts to download more payloads.
Can be facilitated by using the secondary NIC on an TIS appliance. This connection requires a dedicated IP address, which allows you to reduce connectivity from any ports to reflect your outbound access policies.
- Outbound connection from TIS malware interface to malware source sites for more downloads.
- The connection can be proxied.
|