Local ports

To implement certain features, the security software installed on the computers on the network uses these listening ports:

Windows

TCP port 18226: Used by computers with the cache role on all network interfaces. See Cache role.
TCP port 21226: Used by computers with the cache role to request the files to download on all network interfaces. See Cache role.
TCP port 3128: Used by computers with the proxy role on all network interfaces. See Cytomic proxy role.
UDP port 21226: Used by computers with the discovery computer role on all network interfaces. See Discovery computer role
TCP port 33000: Used by computers that make a VPN connection to the Firebox on all network interfaces. See Network Access Enforcement.
UDP port 35621: Used by the protection module on the localhost interface.

Linux

UDP port 21226: Used by computers with the discovery computer role on all network interfaces. See Discovery computer role
TCP port 4575: Used by the protection module on the localhost interface.
TCP port 8310: Used by the protection module on the localhost interface.
TCP port 5560: Internal process communication on the localhost interface.

macOS

UDP port 21226: Used by computers with the discovery computer role on all network interfaces. See Discovery computer role
TCP port 33000: Used by computers that make a VPN connection to the Firebox on all network interfaces. See Network Access Enforcement.
TCP port 4575: Used by the protection module on the localhost interface.
TCP port 8310: Used by the protection module on the localhost interface.
TCP port 5560: Internal process communication on the localhost interface.

Access to the web console

You can access the management console with the latest version of these browsers:

Chrome
Microsoft Edge
Firefox
Opera

Access to service URLs

For Advanced EDR to work correctly, the protected computers must be able to access these URLs.

Product name	URLs
Advanced EDR	https://.pandasecurity.com Downloading of installers, the generic uninstaller, and policies. Agent communications (registration, configuration, tasks, actions, status, real-time communications). Communications between the protection and Collective Intelligence. http://.pandasecurity.com Downloading of signature files. https://*.windows.net URLs to send unknown files: cmg-fusmb.pandasecurity.com cmp-fusmb.pandasecurity.com cpg-fusmb.pandasecurity.com cpp-fusmb.pandasecurity.com cppi-fusmb.pandasecurity.com cppl-fusmb.pandasecurity.com cppe-fusmb.pandasecurity.com rpuws.pandasecurity.com
Root certificates	http://.globalsign.com http://.digicert.com http://*.sectigo.com
Cytomic Data Watch	https://pandasecurity.devo.com
Cytomic Orion	To perform remediation actions from Cytomic Orion, you must allow access to these URLs on the computer local firewall if it is from a vendor other than Cytomic: dir.rc.pandasecurity.com through ports 8080 and 443. eu01.rc.pandasecurity.com through ports 8080 and 443. eu02.rc.pandasecurity.com through ports 8080 and 443. eu03.rc.pandasecurity.com through ports 8080 and 443. eu04.rc.pandasecurity.com through ports 8080 and 443. eu05.rc.pandasecurity.com through ports 8080 and 443. eu06.rc.pandasecurity.com through ports 8080 and 443. ams01.rc.pandasecurity.com through ports 8080 and 443. ams02.rc.pandasecurity.com through ports 8080 and 443.
Activity testing	For Windows protection versions higher than 8.00.16. http://proinfo.pandasoftware.com/connectiontest.html For connectivity tests http://*.pandasoftware.com
Network attack protection	https://cpg-nap.pandasecurity.com/nap/buffer https://cpp-nap.pandasecurity.com/nap/buffer
Service access URLs

Ports

Port 80 (HTTP)
Port 443 (HTTPS, websocket)
Port 8080 (access from Cytomic Orion)

Patch and update downloads (Cytomic Patch)

See this support article (https://www.pandasecurity.com/uk/support/card?id=700044) for a full list of the URLs that must be accessible from the network computers that receive patches, or from the network computers with the cache/repository role.