services from FTD Management Interface to Cisco Cloud

lupingyao
Level 1

Hi,

Could anyone tell me about the services from the FTD Management Interface direct to Cisco Cloud? I find the FTD tried to connect to "fmc.api.threatgrid.eu port 443". Is this just the connection for AMP Sandboxing, or are there more services from the connection?

Regards

Robin

Accepted Solutions

Abheesh Kumar
VIP Alumni

Hi Lupingyao,

The table below explains the communication from the management interface of the FMC and the required ports.

Default Communication Ports for Firepower System Features and Operations

| Port | Description | Direction | Is Open on... | To... |
|---|---|---|---|---|
| 22/tcp | SSH/SSL | Bidirectional | Any | allow a secure remote connection to the appliance. |
| 25/tcp | SMTP | Outbound | Any | send email notices and alerts from the appliance. |
| 53/tcp | DNS | Outbound | Any | use DNS. |
| 67/udp, 68/udp | DHCP | Outbound | Any | use DHCP. Note that these ports are closed by default. |
| 80/tcp | HTTP | Outbound | Management Center, 7000 & 8000 Series | allow the RSS Feed dashboard widget to connect to a remote web server. |
| | | Bidirectional | Management Center | update custom and third-party Security Intelligence feeds via HTTP; download URL category and reputation data (port 443 also required). |
| 161/udp | SNMP | Bidirectional | Any | allow access to an appliance’s MIBs via SNMP polling. |
| 162/udp | SNMP | Outbound | Any | send SNMP alerts to a remote trap server. |
| 389/tcp, 636/tcp | LDAP | Outbound | Any except NGIPSv | communicate with an LDAP server for external authentication. |
| 389/tcp, 636/tcp | LDAP | Outbound | Management Center | obtain metadata for detected LDAP users. |
| 443/tcp | HTTPS | Inbound | Any except NGIPSv | access an appliance’s web interface. |
| 443/tcp | HTTPS; AMQP; AMP cloud, AMP Threat Grid cloud, and Threat Intelligence Communication Preferences | Bidirectional | Management Center | obtain: software, intrusion rule, VDB, and GeoDB updates; URL category and reputation data (port 80 also required); the Intelligence Feed and other secure Security Intelligence feeds; endpoint-based (AMP for Endpoints) malware events; malware dispositions for files detected in network traffic; dynamic analysis information on submitted files |
| | | Bidirectional | Management Center, 7000 & 8000 Series | download software updates using the device’s local web interface. |
| | | Bidirectional | Any managed device | submit files for dynamic analysis. |
| 514/udp | syslog | Outbound | Any | send alerts to a remote syslog server. |
| 623/udp | SOL/LOM | Bidirectional | 7000 & 8000 Series | allow you to perform Lights-Out Management using a Serial Over LAN (SOL) connection. |
| 1500/tcp, 2000/tcp | database access | Inbound | Management Center | allow read-only access to the database by a third-party client. |
| 1812/udp, 1813/udp | RADIUS | Bidirectional | Any except NGIPSv | communicate with a RADIUS server for external authentication and accounting. |
| 3306/tcp | User Agent | Inbound | Management Center | communicate with User Agents. |
| 8302/tcp | eStreamer | Bidirectional | Management Center, 7000 & 8000 Series | communicate with an eStreamer client. |
| 8305/tcp | appliance comms. | Bidirectional | Any | securely communicate between appliances in a deployment. Required. |
| 8307/tcp | host input client | Bidirectional | Management Center | communicate with a host input client. |
| 32137/tcp | AMP cloud and Threat Intelligence Communication Preferences | Bidirectional | Management Center | allow upgraded Management Centers to communicate with the Cisco AMP cloud. |

HTH

-Abheesh

2 Replies

thanks, Abheesh!!!