Configuring Ports

To ensure the functionality of the Sophos Web Appliance, configure your network to allow access on the ports listed below. Some ports are required only in specific situations, such as when you enable FTP backups or central management.

External Connections

These services are typically used for connections between your Web Appliance(s) and locations outside of your organization's network.

| Port | Function | Service | Protocol | Connection |
|------|----------|---------|----------|------------|
| 22 | Remote assistance | SSH | TCP | Outbound from appliance to sophos.com |
| 22 | Central configuration, status and reporting | SSH | TCP | Outbound from Web Appliance to Management Appliance (if not collocated) |
| 25 | Remote assistance notification | SMTP | TCP | Outbound from appliance to sophos.com |
| 80 | Outbound network web traffic | HTTP | TCP | Outbound from appliance to internet |
| 123 | Network time synchronization | NTP | UDP | Outbound from appliance to internet |
| 443 | Outbound network web traffic | HTTPS | TCP | Outbound from appliance to internet |

Note: Opening ports 80 and 443 is a standard best practice. However, certain web sites may also require other ports to be opened.

Internal Connections

These services are typically used for connections within your organization's network and your Web Appliance(s), or between appliances themselves, if you have multiple appliances.

| Port | Function | Service | Protocol | Connection |
|------|----------|---------|----------|------------|
| 21 | Backups using passive FTP | FTP | TCP | Outbound from appliance to FTP server |
| 22 | Central configuration, status and reporting | SSH | TCP | Outbound from Web Appliance to Management Appliance (if collocated) |
| 53 | DNS queries | DNS | UDP | Outbound from appliance to LAN |
| 80 | Administrative web interface | HTTP | TCP | Inbound from LAN to appliance |
| 88 | Kerberos authentication | KERBEROS | TCP/UDP | Inbound/outbound between appliance and AD server |
| 139 | MS NetBIOS session | NETBIOS-SSN | TCP/UDP | Inbound/outbound between appliance and AD server |
| 389 | Directory services synchronization | LDAP | TCP/UDP | Inbound/outbound between appliance and AD server |
| 443 | Administrative web interface | HTTPS | TCP | Inbound from LAN to appliance |
| 445 | MS server message block | SMB | TCP/UDP | Inbound/outbound between appliance and AD server |
| 636 | LDAP synchronization | LDAPS | TCP | Inbound/outbound between appliance and eDirectory server |
| 3268 | MS AD Global Catalog synchronization | MSGC | TCP/UDP | Inbound/outbound between appliance and AD server |
| 8080 | Proxy (end user web browsing) | HTTP/HTTPS | TCP | Inbound/outbound between LAN and appliance |
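
The two tables above can double as an allowlist for reviewing firewall or flow logs. The following is an added example, not Sophos code: it flags connections to or from the appliance that fall outside the documented ports and directions. The appliance address, LAN range, flow tuple format and sample flows are constructed, and the example simplifies "sophos.com"/"internet" to any non-LAN peer and the AD, eDirectory and FTP servers to any LAN peer.

```python
import ipaddress

APPLIANCE = ipaddress.ip_address("10.0.0.10")  # constructed appliance address
LAN = ipaddress.ip_network("10.0.0.0/8")       # constructed internal range

def _rules(direction, scope, protos, ports):
    # direction is relative to the appliance: "out" = appliance initiates
    return {(direction, scope, pr, po) for pr in protos for po in ports}

BOTH = ("tcp", "udp")
AD_PORTS = (88, 139, 389, 445, 3268)
ALLOWED = (
    _rules("out", "ext", ("tcp",), (22, 25, 80, 443))       # external table
    | _rules("out", "ext", ("udp",), (123,))
    | _rules("out", "lan", ("tcp",), (21, 22, 636, 8080))   # internal table
    | _rules("out", "lan", ("udp",), (53,))
    | _rules("in", "lan", ("tcp",), (80, 443, 636, 8080))
    | _rules("out", "lan", BOTH, AD_PORTS)
    | _rules("in", "lan", BOTH, AD_PORTS)
)

def audit(flows):
    """Return flows involving the appliance that the tables do not allow.

    Each flow is (initiator_ip, responder_ip, protocol, destination_port).
    """
    findings = []
    for src, dst, proto, dport in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if APPLIANCE not in (s, d):
            continue  # not appliance traffic, out of scope
        direction, peer = ("out", d) if s == APPLIANCE else ("in", s)
        scope = "lan" if peer in LAN else "ext"
        if (direction, scope, proto.lower(), dport) not in ALLOWED:
            findings.append((src, dst, proto, dport, f"{direction}/{scope}"))
    return findings

# Constructed sample flows (203.0.113.0/24 is a documentation range).
SAMPLE_FLOWS = [
    ("10.1.2.3", "10.0.0.10", "tcp", 8080),     # user browsing via proxy
    ("10.0.0.10", "203.0.113.5", "tcp", 443),   # appliance fetching a site
    ("10.0.0.10", "10.0.0.53", "udp", 53),      # DNS query to LAN
    ("203.0.113.7", "10.0.0.10", "tcp", 443),   # admin UI from outside LAN
    ("10.1.2.3", "10.0.0.10", "tcp", 22),       # inbound SSH (only outbound listed)
    ("10.0.0.10", "203.0.113.9", "tcp", 6667),  # undocumented outbound port
    ("10.1.2.3", "10.1.2.4", "tcp", 445),       # does not involve the appliance
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print("not in documented port list:", finding)
```

In production, replace the broad "lan" and "ext" scopes with the specific server addresses your deployment uses, so the policy is as narrow as the Connection column describes.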