GravityZone Communication Ports
Bitdefender GravityZone is a highly scalable and integrated security management solution capable of protecting from hundreds to millions of virtual or physical desktops, servers and mobile devices.
GravityZone manages all Bitdefender’s Enterprise Security Solutions within Control Center – a web-based console that provides control, reporting and alerting services for various roles within the organization.
The following table provides information on the ports used by the GravityZone components:
| Component | Direction | Port | Source / Destination | Description | ||||
| Web Console | Inbound | 80 (HTTP) | Any | Access to the Control Center web console, redirect to 443 | ||||
| 443 (HTTPS) | Any | Access to the Control Center web console | ||||||
| Outbound | 27017 |
GravityZone Database Server | Access to the GravityZone Database | |||||
| 389 | Domain Controller | Active Directory integration | ||||||
| 443 | vShield Manager | vShield Manager integration | ||||||
| 443 | my.bitdefender.com | My Bitdefender account integration | ||||||
| 443 | lv2.bitdefender.com | License validation | ||||||
| 7074 | Update Server | Downloading updates | ||||||
| Both | 4369, 6150 | GravityZone Appliance | RabbitMQ communication between all the nodes of the GravityZone management cluster. | |||||
| Communication Server | Inbound | 8443 | Any | Management Traffic – Security Server Agent, Mobile Client management | ||||
| Outbound | 27017 | GravityZone Database Server | Access to the GravityZone Database | |||||
| 5228, 5229, 5230 | Google Cloud Messaging | Push notifications to Android devices | ||||||
| 2195, 2196, 5223 | Apple Push Notification service | Push notifications to iOS devices. For more information, refer to this Apple KB article. | ||||||
| 7074 | Update Server | Downloading updates | ||||||
| Both | 4369, 6150 | GravityZone Appliance | RabbitMQ communication between all the nodes of the GravityZone management cluster. | |||||
| Database Server | Inbound | 27017 | GravityZone Database Server | Access to the GravityZone Database | ||||
| Outbound | 7074 | Update Server | Downloading updates | |||||
| Update Server | Inbound | 7074 | Any | Ports used to allow communication between Control Center and Communication Server. | ||||
| Outbound | 80 |
upgrade.bitdefender.com | Publishing updates | |||||
| download.bitdefender.com | Downloading updates | |||||||
| 7074 | Other local update server (optional) | Downloading updates | ||||||
| 7075 | Outside proxy servers (if configured) download.bitdefender.com upgrade.bitdefender.com lv2.bitdefender.com mybitdefender.com |
Handles communication between GravityZone services and the outside world. | ||||||
| All roles of the GravityZone VA | Outbound | 123 | Network Time Protocol server | Time synchronization between all GravityZone appliances. The NTP service synchronizes by default with ntp.pool.org. The NTP server address can also be changed from Control Center user interface. | ||||
| Endpoint Security BEST | Outbound | 80 | submit.bitdefender.com | Port used for submitting endpoint dumps in case of crashes. | ||||
| upgrade.bitdefender.com | The official Bitdefender update server | |||||||
| lv2.bitdefender.com | License validation | |||||||
| 7074 | Update Server | Downloading updates from Update Server | ||||||
| Endpoint Security/BEST Relay (if available) | Downloading installation packages in the deployment phase from Endpoint Security/BEST Relay Communication messages received from endpoints linked to Endpoint Security/BEST Relay |
|||||||
| 7076 | Bitdefender Cloud Servers: avc-fu.nimbus.bitdefender.net nimbus.bitdefender.net/elam/blob elam-fu.nimbus.bitdefender.net/submission nimbus.bitdefender.net |
Encrypted communication messages (when Endpoint Security/BEST Relay is used as a proxy) | ||||||
| 8443 | Communication Server | Link between Endpoint Security/BEST and Communication Server Downloading installation packages during deployment (Setup Downloader) |
||||||
| 443 | Web Server | Downloading installation packages during deployment (Setup Downloader) | ||||||
| avc-fu.nimbus.bitdefender.net | Antimalware behavior scanning with Bitdefender Cloud Servers | |||||||
| nimbus.bitdefender.net/elam/blob | Early Launch Anti-Malware (ELAM) cloud server | |||||||
| elam-fu.nimbus.bitdefender.net/submission | Submission to Bitdefender cloud servers of unrecognized applications by Early Launch Anti-Malware (ELAM) module | |||||||
| nimbus.bitdefender.net | Antimalware, antiphishing and content control scanning with Bitdefender Cloud Servers | |||||||
| Inbound | N/A | N/A | N/A | |||||
| Endpoint Security/BEST Relay | Outbound | 80 | submit.bitdefender.com | Port used for submitting endpoint dumps in case of crashes. | ||||
| upgrade.bitdefender.com | The official Bitdefender update server | |||||||
| lv2.bitdefender.com | License validation | |||||||
| 7074 | Update Server | Downloading updates from Update Server | ||||||
| Endpoint Security/BEST Relay* (if available) | Downloading installation packages in the deployment phase from Endpoint Security/BEST Relay Communication messages received from endpoints linked to Endpoint Security/BEST Relay |
|||||||
| 7076 | Bitdefender Cloud Servers: avc-fu.nimbus.bitdefender.net nimbus.bitdefender.net/elam/blob elam-fu.nimbus.bitdefender.net/submission nimbus.bitdefender.net |
Encrypted communication messages received from endpoints linked to Endpoint Security/BEST Relay | ||||||
| 8443 | Communication Server | Link between Endpoint Security/BEST Relay and Communication Server Downloading installation packages during deployment (Setup Downloader) |
||||||
| 443 | Web Server | Downloading installation packages during deployment (Setup Downloader) | ||||||
| avc-fu.nimbus.bitdefender.net | Antimalware behavior scanning with Bitdefender Cloud Servers | |||||||
| nimbus.bitdefender.net/elam/blob | Early Launch Anti-Malware (ELAM) cloud server | |||||||
| elam-fu.nimbus.bitdefender.net/submission | Submission to Bitdefender cloud servers of unrecognized applications by Early Launch Anti-Malware (ELAM) module | |||||||
| nimbus.bitdefender.net | Antimalware, antiphishing and content control scanning with Bitdefender Cloud Servers | |||||||
| Inbound | 7074 | Endpoint Security, BEST | Communication messages (such as settings and events) received from endpoints linked to Endpoint Security/BEST Relay | |||||
| 7076 | Bitdefender Cloud Servers: avc-fu.nimbus.bitdefender.net nimbus.bitdefender.net/elam/blob elam-fu.nimbus.bitdefender.net/submission nimbus.bitdefender.net |
Encrypted communication messages received from endpoints linked to Endpoint Security/BEST Relay | ||||||
| Bitdefender Tools for Virtualized Environments Integrated with vShield | Outbound | 48651 | Security Server | Antimalware traffic scanning sent by vShield driver | ||||
| Inbound | N/A | N/A | N/A | |||||
| Security Server for Virtualized Environments Integrated with vShield | Outbound | 7074 | Update Server | Downloading updates from Update Server | ||||
| 8443 | Communication Server | Antimalware traffic scanning sent by vShield driver | ||||||
| Inbound | 48651 | Any | Linux virtual machines traffic scanning | |||||
| 48652 | Any | Communication between the hypervisor and Security Server | ||||||
| Bitdefender Tools for Virtualized Environments (Multi-Platform) | Outbound | 7081 | Security Server | Antimalware scanning with Security Server | ||||
| 7083 | Security Server | Antimalware scanning with Security Server when using SSL traffic encryption | ||||||
| 8443 | Communication Server | Communication between Bitdefender Tools and Communication Server Downloading installation packages during deployment |
||||||
| 7074 | Update Server | Downloading updates | ||||||
| 443 | Web Server | Downloading installation packages during deployment (Setup Downloader) | ||||||
| 80 | nimbus.bitdefender.net | Antimalware scanning with Bitdefender Cloud Servers | ||||||
| Inbound | N/A | N/A | N/A | |||||
| Security Server for Virtualized Environments (Multi-Platform) | Outbound | 7074 |
Update Server | Downloading updates from Update Server | ||||
| 8443 | Communication Server | Link between Security Server and Communication Server | ||||||
| Inbound | 7081 | Any | Antimalware traffic scanning sent by Bitdefender Tools | |||||
| 7083 | Any | Antimalware traffic scanning sent by Bitdefender Tools over SSL | ||||||
| GravityZone Mobile Client | Outbound | 8443 | Communication Server | Mobile Client management | ||||
| Inbound | N/A | N/A | N/A |
* Since the relay is an update server that needs to listen all the time on a port, Bitdefender provides a mechanism able to automatically open a random port on localhost (127.0.0.1), so that the update server can receive proper configuration details. This mechanism applies when the default port 7074 is used by another application. In this case, the update server tries to open the 7075 port to listen on localhost. If 7075 port is also unavailable, the update server will search for another port that is free (in range of 1025 to 65535) and successfully bind to listen on localhost.