Local ports and URL access

Local ports

To implement certain features, the security software installed on the computers on the network uses these listening ports:

Windows

  • TCP port 18226: Used by computers with the cache role on all network interfaces. See Cache role.

  • TCP port 21226: Used by computers with the cache role to request the files to download on all network interfaces. See Cache role.

  • TCP port 3128: Used by computers with the proxy role on all network interfaces. See Cytomic proxy role.

  • UDP port 21226: Used by computers with the discovery computer role on all network interfaces. See Discovery computer role

  • TCP port 33000: Used by computers that make a VPN connection to the Firebox on all network interfaces, and for communication between computers. See Network Access Enforcement and Endpoint Access Enforcement settings.

  • UDP port 35621: Used by the protection module on the localhost interface.

Linux

  • UDP port 21226: Used by computers with the discovery computer role on all network interfaces. See Discovery computer role

  • TCP port 4575: Used by the protection module on the localhost interface.

  • TCP port 8310: Used by the protection module on the localhost interface.

  • TCP port 5560: Internal process communication on the localhost interface.

  • TCP port 33000: Used by computers that make a VPN connection to the Firebox on all network interfaces, and for communication between computers. See Network Access Enforcement and Endpoint Access Enforcement settings.

macOS

  • UDP port 21226: Used by computers with the discovery computer role on all network interfaces. See Discovery computer role

  • TCP port 33000: Used by computers that make a VPN connection to the Firebox on all network interfaces. See Network Access Enforcement.

  • TCP port 4575: Used by the protection module on the localhost interface.

  • TCP port 8310: Used by the protection module on the localhost interface.

  • TCP port 5560: Internal process communication on the localhost interface.

  • TCP port 33000: Used by computers that make a VPN connection to the Firebox on all network interfaces, and for communication between computers. See Network Access Enforcement and Endpoint Access Enforcement settings.

Access to the web console

You can access the management console with the latest version of these browsers:

  • Chrome

  • Microsoft Edge

  • Firefox

  • Opera

Access to service URLs

For Advanced EDR to work correctly, the protected computers must be able to access these URLs.

Product name URLs

Advanced EDR

  • https://*.pandasecurity.com

    • Downloading of installers, the generic uninstaller, and policies.

    • Agent communications (registration, configuration, tasks, actions, status, real-time communications).

    • Communications between the protection and Collective Intelligence.

  • http://*.pandasecurity.com

    • Downloading of signature files.

  • https://*.windows.net

URLs to send unknown files:

  • cmg-fusmb.pandasecurity.com

  • cmp-fusmb.pandasecurity.com

  • cpg-fusmb.pandasecurity.com

  • cpp-fusmb.pandasecurity.com

  • cppi-fusmb.pandasecurity.com

  • cppl-fusmb.pandasecurity.com

  • cppe-fusmb.pandasecurity.com

  • rpuws.pandasecurity.com

Root certificates

  • http://*.globalsign.com

  • http://*.digicert.com

  • http://*.sectigo.com

Cytomic Data Watch

  • https://pandasecurity.devo.com

Cytomic Orion

To perform remediation actions from Cytomic Orion, you must allow access to these URLs on the computer local firewall if it is from a vendor other than Cytomic:

  • dir.rc.pandasecurity.com through ports 8080 and 443.

  • eu01.rc.pandasecurity.com through ports 8080 and 443.

  • eu02.rc.pandasecurity.com through ports 8080 and 443.

  • eu03.rc.pandasecurity.com through ports 8080 and 443.

  • eu04.rc.pandasecurity.com through ports 8080 and 443.

  • eu05.rc.pandasecurity.com through ports 8080 and 443.

  • eu06.rc.pandasecurity.com through ports 8080 and 443.

  • ams01.rc.pandasecurity.com through ports 8080 and 443.

  • ams02.rc.pandasecurity.com through ports 8080 and 443.

Activity testing

For Windows protection versions higher than 8.00.16.

  • http://proinfo.pandasoftware.com/connectiontest.html

For connectivity tests:

  • http://*.pandasoftware.com

Network attack protection

  • https://cpg-nap.pandasecurity.com/nap/buffer

  • https://cpp-nap.pandasecurity.com/nap/buffer
MITRE

  • Windows: cpp-fuelg.pandasecurity.com

  • Linux: cppl-fuelg.pandasecurity.com

  • Mac: cppi-fuelg.pandasecurity.com

  • cppe-fuelg.pandasecurity.com

  • cpg-fuelg.pandesecurity.com

Service access URLs

Access to URLs for patch and update downloads (Cytomic Patch)

For a complete list of the URLs that must be accessible to the network computers that receive patches or have the cache/repository role, see this support article: https://www.pandasecurity.com/uk/support/card?id=700044.