Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
Sign In Create an Account Premier Sign In Partner Program Sign In

Dell Data Security Server Network and Firewall Requirements

Summary: Learn about Network and firewall requirements for installing Dell Security Management Server and Dell Security Management Server Virtual.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

The Dell Security Management Server (formerly Dell Data Protection | Enterprise Edition Server) and Dell Security Management Server Virtual (formerly Dell Data Protection | Virtual Edition) require several ports and services to be available to endpoints and to each other for proper communication and functionality of the products.
 

This article outlines the various services, ports, and network requirements for all installation types of the Dell Security Management Server and Dell Security Management Server Virtual.

Affected Products:

  • Dell Security Management Server
  • Dell Security Management Server Virtual
  • Dell Data Protection | Enterprise Edition Server
  • Dell Data Protection | Virtual Edition Server

Affected Versions:

  • v8.0 and Later

Affected Operating Systems:

  • Windows
  • Linux

Cause

Not applicable

Resolution

The Dell Security Management Server and its variants leverage several ports to communication between the various Dell Endpoint Security products. These ports all communicate over TCP on their respective ports, and all ports are inbound unless otherwise notated. Different ports are required for Endpoint Connectivity and for Internal Connectivity. Click the appropriate tab for more information.

Note: For information about SSL/TLS requirements, reference How to Disable TLS 1.0 and TLS 1.1 on Dell Security Management Server and Dell Security Management Server Virtual.
 

The services and ports below are required for endpoints' connectivity to the Dell Security Management Server. Each service/port contains a list of endpoint solutions that uses these services and ports for their communication.

Service Listening Port Protocol Direction Notes Products Used By
Security Server Proxy 8443 TCP Inbound Used for activation of endpoints, management of Dell’s preboot authentication environment remotely.
Present on Dell Security Management Server installed in front-end configuration.		 Dell Encryption Enterprise (Formerly Dell Data Protection | Enterprise Edition)
Dell Encryption External Media (Formerly Dell Data Protection | External Media Edition)
Dell Encryption Enterprise for Mac (Formerly Dell Data Protection | Enterprise Edition for Mac)
Dell Data Guardian (Formerly Dell Data Protection | Cloud Edition)
Dell Encryption Enterprise for Self-Encrypting Drives (Formerly Dell Data Protection | Self-Encrypting Drive Manager)
Dell Full Disk Encryption
Device Server 8081 TCP Inbound Used for activation of legacy Dell Encryption endpoints. No longer default for Dell Encryption 8.0 and later.
Present on Dell Security Management Server that is installed in front-end or back-end configuration and Dell Security Management Server Virtual.		 Dell Encryption Enterprise (Formerly Dell Data Protection | Enterprise Edition)
Dell Encryption External Media (Formerly Dell Data Protection | External Media Edition)
Dell Encryption Enterprise for Mac (Formerly Dell Data Protection | Enterprise Edition for Mac)
Policy Proxy 8000 TCP Inbound Used for policy and inventory management.
Present on Dell Security Management Server that is installed in front-end or back-end configuration and Dell Security Management Server Virtual.		 Dell Encryption Enterprise (Formerly Dell Data Protection | Enterprise Edition)
Dell Encryption External Media (Formerly Dell Data Protection | External Media Edition)
Dell Encryption Enterprise for Mac (Formerly Dell Data Protection | Enterprise Edition for Mac)
Core Server Proxy 8888 TCP Inbound Used to manage policy and inventory for encryption management agent-based applications.
Present on Dell Security Management Server installed in front-end configuration, and Dell Security Management Server Virtual.		 Dell Encryption Enterprise for Self-Encrypting Drives (Formerly Dell Data Protection | Self-Encrypting Drive Manager)
Dell Full Disk Encryption
Dell Endpoint Security Suite Pro
Dell BitLocker Manager (Formerly Dell Data Protection | BitLocker Manager)
Dell Endpoint Security Suite Enterprise
Beacon Server 8446 UDP Inbound Used to track protected office documents that are enabled with a remote beacon.
Present on Dell Security Management Server installed in front-end configuration.
Introduced in v9.5.
Deprecated in v10.2.9.		 Dell Data Guardian (Formerly Dell Data Protection | Cloud Edition, Dell Data Protection | Secure Lifecycle)
Key Server 8050 TCP Inbound Used for Kerberos-based authentication for Dell Encryption decryption key.
Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual.		 Dell Encryption Enterprise (Formerly Dell Data Protection | Enterprise Edition)
Dell Encryption External Media (Formerly Dell Data Protection | External Media Edition)
Dell Encryption Enterprise for Mac (Formerly Dell Data Protection | Enterprise Edition for Mac)
Security Server 8443 TCP Inbound Used for activation of endpoints, management of Dell’s preboot authentication environment remotely, and hosts the Dell Security Management Server’s administration console.
Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual.		 Dell Encryption Enterprise (Formerly Dell Data Protection | Enterprise Edition)
Dell Encryption External Media (Formerly Dell Data Protection | External Media Edition)
Dell Encryption Enterprise for Mac (Formerly Dell Data Protection | Enterprise Edition for Mac)
Dell Data Guardian (Formerly Dell Data Protection | Cloud Edition)
Dell Encryption Enterprise for Self-Encrypting Drives (Formerly Dell Data Protection | Self-Encrypting Drive Manager)
Dell Full Disk Encryption
Core Server 8888 TCP Inbound Used to manage policy and inventory for Dell encryption management agent-based applications.
Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual.		 Dell Encryption Enterprise for Self-Encrypting Drives (Formerly Dell Data Protection | Self-Encrypting Drive Manager)
Dell Full Disk Encryption
Dell Endpoint Security Suite Pro
Dell BitLocker Manager (Formerly Dell Data Protection | BitLocker Manager)
Dell Endpoint Security Suite Enterprise
Message Broker 61616 STOMP Inbound Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual. Dell Security Management Server (Formerly Dell Data Protection | Enterprise Edition) installed in back-end configuration
Dell Security Management Server Virtual (Formerly Dell Data Protection | Virtual Edition)
Recovery Server 8091 TCP Inbound Hosts the Dell Security Management Server’s Self-Service Recovery Portal for Dell BitLocker Manager clients.
Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual.
Introduced in v10.2.13.		 Dell BitLocker Manager (Formerly Dell Data Protection | BitLocker Manager)

These services and ports are used solely for the internal communication of the Dell Security Management Server (back-end and front-end modes), and Dell Security Management Server Virtual. These ports should not be exposed publicly but are listed here for informational and troubleshooting purposes.

Service Listening Port Protocol Direction Notes
Compatibility Server 1099 TCP Inbound The Compatibility Server links devices and users, arbitrates groups, generates new key material for Dell's policy-based encryption application, initiates, and processes jobs based on active directory reconciliation. Uses RMI for communication to other services. This service is critical to the Dell Security Management Server's operation.
Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual.
Compliance Reporter 8084 TCP Inbound This service pulls data directly from SQL to display compliance and custom report information that is based on the environment. This service is not critical to the core functionality of the Dell Security Management Server but is required to use Compliance Reporter within the administration console.
Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual.
Deprecated in v10.1.0.
Removed in v11.3.0.
Message Broker 61613 TCP Inbound The Dell Message Broker service is a messaging queue for various server communications. Typically used to store messages during high-load times that do not require immediate processing. These tasks can include policy updates for devices that are being delivered to a policy proxy, and geolocation data incoming from Dell Data Guardian services. This service is critical for the core functionality of the Dell Security Management Server.
Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual.
Access Group Service 8888 TCP Inbound The Access Group Service manages various permissions and group access for various Dell Endpoint Security products.
Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual.
Document Store 2424-2428 TCP Inbound The Document Store is used to generate and store policy documents for policy-based encryption within the Security Management Server.
Present on Dell Security Management Server installed in back-end configuration.
Deprecated in v8.3.1.
Identity Server 8445 TCP Inbound Performs Active Directory lookups and sync functions for user activation and user existence checks.
Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual.
Deprecated in v8.3.0. Resides as a function within the Security Server.
Inventory Server 8887 TCP Inbound Processes various agent inventory files and user-to-user group-mapping jobs and predetermined intervals.
Present on Dell Security Management Server Virtual.
Console Web Services 9010, 9011 TCP Inbound Legacy Remote Management Console interface between the Dell Core Server and Internet Information Services in SMS.
Remote Management Console interface between the Remote Management Console application to the Core Server within the SMSv.
Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual.
Deprecated in v9.2.0.
Core Server 9000 TCP Inbound Processes Security Token Service Messages from Core Server to Active Directory.
Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual.
Deprecated in v9.1.5.
PostgreSQL 5432 TCP Inbound Database server that is used for storing application event data for Dell Data Guardian, Dell Endpoint Security Suite Enterprise, and Dell Endpoint Security Suite Pro.
Present on Dell Security Management Server that is installed in back-end configuration and Dell Security Management Server Virtual.

These services and ports are for the external communication of the Dell Security Management Server (back-end mode), and Dell Security Management Server Virtual. These ports and services are outbound connections from the Dell Security Management Server (back-end mode) and Dell Security Management Server Virtual. Dell Security Management Server that is installed in front-end mode makes no external connections with Dell-supported configurations.

Service Destination URL Source Port Protocol Direction Notes
SMTP Configurable Configurable TCP Outbound SMTP settings are set within the Dell Security Management Server or Dell Security Management Server Virtual through their respective consoles. For more information, reference How to Configure SMTP Settings for Dell Data Security Servers.
Cylance Provisioning Varies by region, see notes 443 TCP Outbound Login URL Asia - https://login-au.cylance.com/sso/jwtThis hyperlink is taking you to a website outside of Dell Technologies.
Login URL Brazil - https://login-sae1.cylance.com/sso/jwtThis hyperlink is taking you to a website outside of Dell Technologies.
Login URL Europe - https://login-euc1.cylance.com/sso/jwtThis hyperlink is taking you to a website outside of Dell Technologies.
Login URL Japan - https://login-apne1.cylance.com/sso/jwtThis hyperlink is taking you to a website outside of Dell Technologies.
Login URL North America - https://login.cylance.com/sso/jwtThis hyperlink is taking you to a website outside of Dell Technologies.
Provisioning URL Asia - https://protect-api-au.cylance.comThis hyperlink is taking you to a website outside of Dell Technologies.
Provisioning URL Brazil - https://protect-api-sae1.cylance.comThis hyperlink is taking you to a website outside of Dell Technologies.
Provisioning URL Europe - https://protect-api-euc1.cylance.comThis hyperlink is taking you to a website outside of Dell Technologies.
Provisioning URL Japan - https://protect-api-apne1.cylance.comThis hyperlink is taking you to a website outside of Dell Technologies.
Provisioning URL North America - https://protect-api.cylance.comThis hyperlink is taking you to a website outside of Dell Technologies.
Product Notifications Sha2act.credant.com 443 TCP Outbound Product notifications enable administrators to receive information from Dell surrounding product updates, important vulnerability updates, and updates to configuration suggestions.
On-The-Box license acquisition Cloud.dell.com 443 TCP Outbound On-the-box licenses are consumed by the Dell Security Management Server and Dell Security Management Server Virtual during activation of endpoints. During activation, a service tag is sent to the Dell Security Management Server, which reaches out to cloud.dell.com to receive the applicable entitlements.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Additional Information

 

Videos

 

Affected Products

Dell Encryption
Article Properties
Article Number: 000126032
Article Type: Solution
Last Modified: 21 Nov 2023
Version:  13
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.