The table below summarizes the ports used by Sophos applications. There is a link to the Knowledgebase article or articles that provide more information.
|Component ||Functionality ||Port(s) ||Source article(s) |
|Client Firewall ||Port used by Remote Procedure Call (RPC) port mapper is 135 |
Default setting for PPTP Control Connection: remote port is 1723 and the local port is 1024-65535
|Sophos Update Manager (SUM) || |
SUM uses TCP port 80 for connections to an HTTP warehouse, and the NetBIOS ports for connections to a warehouse using UNC.
TCP Port 51234 is used for inter-process communication only, outgoing/incoming connections will not occur on this port.
8080 (e.g. proxy)
|Email Appliance ||Active Directory port: the port number of the server used for Active Directory lookups. If the Active Directory global catalog (GC) is used, the port is 3268. Otherwise, the default port is 389 ||3268 |
|Sophos Management Server ||Sophos Management Server comprises multiple components from this table. These include: |
- Remote Management System (RMS)
- Enterprise Console (optionally)
- Sophos Update Manager (SUM). See above.
- Server-side web services (SEC 5.0+). See article: 114182 for more information.
TCP 8192 and 8194
TCP 80 (default)
|Enterprise Console ||See Sophos Management Server above, for remote consoles see 49028. || |
|ES1000 ||Port 80 is used for user access whilst port 18080 is used for administrator access. || |
|PureMessage for Exchange ||Quarantine port is 8081 ||8081 || |
|PureMessage for UNIX ||Default is 5432.When dumping and restoring the PostgreSQL database, port temporarily changed to 5433. || |
|Remote Management System (RMS) ||To allow RMS to communicate through the Windows firewall ensure that TCP Ports 8194 are added as exceptions to the Windows Firewall to all endpoint computers and additionally 8192 for the Sophos management server and any message relay servers. ||8192 |
|Sophos Anti-Virus ||80: HTTP |
137: NetBios name service
138: NetBios session service
139: Datagram service
|Sophos Network Access Control (NAC) ||Communication between server and endpoints uses either: |
Enterprise Console: IP address discovery